njrat | hxxps://cdn[.]discordapp[.]com/attachments/1157926082046087209/1157984935236345856/Server[.]exe?ex=651a9902&is=65194782&hm=8d8383e30c6e9367f51596774f6fa35d3b40a22d6568aac6ad3b11d568ae6583& | Triage

Sharing

Copy URL Twitter E-mail

General

Target

https://cdn.discordapp.com/attachments/1157926082046087209/1157984935236345856/Server.exe?ex=651a9902&is=65194782&hm=8d8383e30c6e9367f51596774f6fa35d3b40a22d6568aac6ad3b11d568ae6583&
Sample

231001-mcdrpsbd83

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

147.185.221.16:57012

Mutex

67b58e0872c1b83ef9c9f017e194d03d

Attributes

reg_key
67b58e0872c1b83ef9c9f017e194d03d
splitter
|'|'|

Targets

- Target
  
  https://cdn.discordapp.com/attachments/1157926082046087209/1157984935236345856/Server.exe?ex=651a9902&is=65194782&hm=8d8383e30c6e9367f51596774f6fa35d3b40a22d6568aac6ad3b11d568ae6583&
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

njrathackedevasiontrojan