njrat | d0a7edca52c4438b8d762c95b938497b23b03a26d1bbca6030efe02278cba873 | Triage

Sharing

General

Target

Setup.exe
Size

23KB
Sample

230606-labznade3t
MD5

530315190b0f070495170cdeed19a633
SHA1

747096c8177da1b0f54fc95ec10ceb33253512db
SHA256

d0a7edca52c4438b8d762c95b938497b23b03a26d1bbca6030efe02278cba873
SHA512

e250a01509e064b3a1c6d3fac9e59587800e8b0a1cce50689c6e2edab0565d876841d3f16cd06505d24d244d3135f8e1773ba892565f414ba24d81661eab3b7b
SSDEEP

384:T0jeCIYTNQZUuQnJXJeCXlwhPQ6VgDOwBHhdmRvR6JZlbw8hqIusZzZqs:w3jNAU/ZVX6RpcnuA

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

Madest 0.7d

Botnet

HacKed

C2

dcsacrevc-46676.portmap.host:46676

Mutex

80c658117c3e8fc69d003db56b7c569a

Attributes

reg_key
80c658117c3e8fc69d003db56b7c569a
splitter
|'|'|

Targets

- Target
  
  Setup.exe
- Size
  
  23KB
- MD5
  
  530315190b0f070495170cdeed19a633
- SHA1
  
  747096c8177da1b0f54fc95ec10ceb33253512db
- SHA256
  
  d0a7edca52c4438b8d762c95b938497b23b03a26d1bbca6030efe02278cba873
- SHA512
  
  e250a01509e064b3a1c6d3fac9e59587800e8b0a1cce50689c6e2edab0565d876841d3f16cd06505d24d244d3135f8e1773ba892565f414ba24d81661eab3b7b
- SSDEEP
  
  384:T0jeCIYTNQZUuQnJXJeCXlwhPQ6VgDOwBHhdmRvR6JZlbw8hqIusZzZqs:w3jNAU/ZVX6RpcnuA
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan