njrat | c37bcf56f3404eee897781ecdf994f8c733dcc0a402fa21bd440756a1467ae83 | Triage

Sharing

General

Target

aaa.exe
Size

23KB
Sample

230719-nn2tcaee7y
MD5

dd20d42a1555ecd374d47c41bfab8417
SHA1

374e9490ab73d7e9d0cf225d0e96d2ca77becbfb
SHA256

c37bcf56f3404eee897781ecdf994f8c733dcc0a402fa21bd440756a1467ae83
SHA512

a260e1b7de92028aff2b379972f9199948460dcc1d81ce86389226edeef3559f8fed2f468da998172374690efb414559ec4e8528be746d0e955136d91e52266b
SSDEEP

384:QMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZKm:zb9glF51LRpcnuW

Score

10^/10

njrat svchost evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

svchost

C2

192.168.218.139:5552

Mutex

33a8054157a3a1616c2f71e43acb6e31

Attributes

reg_key
33a8054157a3a1616c2f71e43acb6e31
splitter
|'|'|

Targets

- Target
  
  aaa.exe
- Size
  
  23KB
- MD5
  
  dd20d42a1555ecd374d47c41bfab8417
- SHA1
  
  374e9490ab73d7e9d0cf225d0e96d2ca77becbfb
- SHA256
  
  c37bcf56f3404eee897781ecdf994f8c733dcc0a402fa21bd440756a1467ae83
- SHA512
  
  a260e1b7de92028aff2b379972f9199948460dcc1d81ce86389226edeef3559f8fed2f468da998172374690efb414559ec4e8528be746d0e955136d91e52266b
- SSDEEP
  
  384:QMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZKm:zb9glF51LRpcnuW
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan