Resubmissions

  • 15-03-2024 02:26    240315-cwxc2sgc95    10
  • 15-03-2024 02:16    240315-cqf4wagb79    10
  • 15-03-2024 02:03    240315-cgx12adg9z    3

General

  • Target: NjRat.0.7D.zip
  • Size: 9.2MB
  • Sample: 240315-cqf4wagb79
  • MD5: 6a4984809b0b295b75d8a52095a70f73
  • SHA1: 5b7fd2737d6f7c5541c17704534f7602f7465b8d
  • SHA256: 902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96
  • SHA512: f54954b82b36c57604960c020e5674e413ca61a61111290c1712036d1f00175f1263967c5ce3674c5d28e606d3c06013d0d331faba24a3a1d77bd38429f22a1d
  • SSDEEP: 196608:p3uLx63wJLFj37EL6GnrrrpPFXXmwB15EiuVnaUrHBB9UB:p4x+Gj3gXrr19Gwr+aQFm

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: MyBot
  • C2: 127.0.0.1:6522
  • Mutex: d2319c4fe39ba9c40104010969686b29

Attributes

  • reg_key: d2319c4fe39ba9c40104010969686b29
  • splitter: Y262SUCZ4UJJ

Targets

    • Target: NjRat 0.7D.exe
    • Size: 8.5MB
    • MD5: 70ea9c044c9a766330d3fe77418244a5
    • SHA1: 18602d0db52917b88cbdab84ba89181e6fd4686a
    • SHA256: b78fb092e151db613cba51d7f2532547e48c6f4712809a485f272e2ab55776a5
    • SHA512: 5261865e7ca21e928b956a97518366c9dc218a2312961e0ba0b72b37ae7c797176382de3c3dc1d2949aca51c3db330562f1087a71efdc7c3c3b8f8928872f917
    • SSDEEP: 98304:cn9aRMDoMu2EW5nnim//7uvwCt5tuo32v:cni6nnim//7uVtF

    • njRAT/Bladabindi: Widely used RAT written in .NET.
    • Modifies Windows Firewall
    • Drops startup file
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Create or Modify System Process (T1543): 1
  • Windows Service (T1543.003): 1
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1
  • Windows Service (T1543.003): 1
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Impair Defenses (T1562): 1
  • Disable or Modify System Firewall (T1562.004): 1
  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks