njrat | 280fddec307e254eeec3dbdde416cdeb4dcb1bf3109a831c53a187416edee434 | Triage

Sharing

General

Target

8799faa67ea6a57c575d4981c0141d4e_JaffaCakes118
Size

72KB
Sample

240531-trclhsed78
MD5

8799faa67ea6a57c575d4981c0141d4e
SHA1

dcb69fac36507cd56c6b39e0e9d938d360d5632e
SHA256

280fddec307e254eeec3dbdde416cdeb4dcb1bf3109a831c53a187416edee434
SHA512

de4480b3e2442e2619628f7810a18b62fceaf2777adafe0d1a0359326b861497db72a722650159b10df88c11cd00f61bb98868994af55753df22a3f3e0f30bc6
SSDEEP

1536:Ex+QkioPe/OJmOkSZ68vo/1qQNmvQ0lnanB4vUT5aH4Id2+:EQVe/OJTkS9y1yQ0lnanB4u84Id2+

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

212683d986fb740ad6a40184df48e604

Attributes

reg_key
212683d986fb740ad6a40184df48e604
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  23KB
- MD5
  
  63bf598091ec7d9dfa446075842e7d19
- SHA1
  
  c21408023315cecbe6117890175a5becdc376753
- SHA256
  
  9c994437d4b772f582a23b71aa0450c9757f21d795e94f6615554a0c509df5c9
- SHA512
  
  3ec91c96577281daa1f655a2c58b7915830c5e0ee2b226c04707d31e25aa3de67a01dae9c9168fe2300e33b33baac07e327dcd02535295cb96a47da3ff6f2576
- SSDEEP
  
  384:f8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZbDlx:EXcwt3tRpcnuSn
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan