njrat | 99f1de16413844a0134292c235e03d19abbeebcec7a61848f73b46fbe19b8d43 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client.exe
Size

157KB
Sample

231013-dq3tbadh48
MD5

3d8e8076e9669284ecf79adf28a3c589
SHA1

7728302139e6e14e62e91988b694bb7f07c50839
SHA256

99f1de16413844a0134292c235e03d19abbeebcec7a61848f73b46fbe19b8d43
SHA512

d83ff3873753221fad73131262fbf9f7ec3d331ce26f75a2cf65ccd2aede75f761fd4f2d17d1f9300805564fa28ec92d11343ed65045ed1772f5280f6aebbca7
SSDEEP

3072:KXeUZVaLio9hPFkpMVn/sMM1hn1DYAPR6h2g:JLt9cMV/sMMpDYa6Eg

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  Client.exe
- Size
  
  157KB
- MD5
  
  3d8e8076e9669284ecf79adf28a3c589
- SHA1
  
  7728302139e6e14e62e91988b694bb7f07c50839
- SHA256
  
  99f1de16413844a0134292c235e03d19abbeebcec7a61848f73b46fbe19b8d43
- SHA512
  
  d83ff3873753221fad73131262fbf9f7ec3d331ce26f75a2cf65ccd2aede75f761fd4f2d17d1f9300805564fa28ec92d11343ed65045ed1772f5280f6aebbca7
- SSDEEP
  
  3072:KXeUZVaLio9hPFkpMVn/sMM1hn1DYAPR6h2g:JLt9cMV/sMMpDYa6Eg
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan