njrat | 539c30c4e7235d64fd756efb20269392c66c63cb295d8c7a2349befd10974d20 | Triage

Sharing

General

Target

539c30c4e7235d64fd756efb20269392c66c63cb295d8c7a2349befd10974d20N
Size

23KB
Sample

241004-22e4dswbkf
MD5

22f91e626d0fe5a846faa521ee222760
SHA1

6e32cc6a1e766666e1d6a0b2ccc934546586afe5
SHA256

539c30c4e7235d64fd756efb20269392c66c63cb295d8c7a2349befd10974d20
SHA512

89c377af07431696b8903d2ed698c5a6a29ee16f5d2a385659f804fa39c97d6516da96a463dc3ac84eb22a1fcbfebea95d0950b31a4b48bb358b80470be0886a
SSDEEP

384:68aZYC9twBNdcvFaly2H0dbJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZM+:kY+sNKqNHnSdRpcnu4

Score

10^/10

njrat mybot discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

777ys.cc:3339

Mutex

88a4b49c2c04ad4a3eef175140304af8

Attributes

reg_key
88a4b49c2c04ad4a3eef175140304af8
splitter
|'|'|

Targets

- Target
  
  539c30c4e7235d64fd756efb20269392c66c63cb295d8c7a2349befd10974d20N
- Size
  
  23KB
- MD5
  
  22f91e626d0fe5a846faa521ee222760
- SHA1
  
  6e32cc6a1e766666e1d6a0b2ccc934546586afe5
- SHA256
  
  539c30c4e7235d64fd756efb20269392c66c63cb295d8c7a2349befd10974d20
- SHA512
  
  89c377af07431696b8903d2ed698c5a6a29ee16f5d2a385659f804fa39c97d6516da96a463dc3ac84eb22a1fcbfebea95d0950b31a4b48bb358b80470be0886a
- SSDEEP
  
  384:68aZYC9twBNdcvFaly2H0dbJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZM+:kY+sNKqNHnSdRpcnu4
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan