njrat | hxxps://disk[.]yandex[.]ru/d/f8BWX4x3KHjTYA

Resubmissions

22/08/2023, 20:18

230822-y3bwksgf7w 10

22/08/2023, 20:14

230822-y1c1vsgf61 10

22/08/2023, 20:09

230822-yxa24agf6s 1

Sharing

Copy URL

Twitter E-mail

General

Target

https://disk.yandex.ru/d/f8BWX4x3KHjTYA
Sample

230822-y1c1vsgf61

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

6.tcp.eu.ngrok.io:13699

Mutex

a2b359686b88b829e368bf9d7166f810

Attributes

reg_key
a2b359686b88b829e368bf9d7166f810
splitter
|'|'|

Targets

- Target
  
  https://disk.yandex.ru/d/f8BWX4x3KHjTYA
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Modifies Windows Firewall

Drops startup file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1