njrat | ee8671c0d32759c62ef7aa0b4025fcebdf5409619dd280b9e4db59f01d9a4e30 | Triage

Sharing

General

Target

c39d3e6cc6336562fed7fe6f1d4f05a1
Size

221KB
Sample

201214-szsjv72s42
MD5

c39d3e6cc6336562fed7fe6f1d4f05a1
SHA1

bce78fe671213b28f7ef11d992decac9bb8f9037
SHA256

ee8671c0d32759c62ef7aa0b4025fcebdf5409619dd280b9e4db59f01d9a4e30
SHA512

3cd0be68ec7b699a5addb197e7423e6318f65658aedcd90fefe445fcaa6c8fd4a2b6532c60c81a78d958fd73500d57c1ded1f43795c4d7f0c0077d837a81bf39

Score

10^/10

njrat hackked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HackKed

C2

173.225.115.68:5353

Mutex

f2f557f71c86cd14f7ea630d1c319240

Attributes

reg_key
f2f557f71c86cd14f7ea630d1c319240
splitter
|'|'|

Targets

- Target
  
  c39d3e6cc6336562fed7fe6f1d4f05a1
- Size
  
  221KB
- MD5
  
  c39d3e6cc6336562fed7fe6f1d4f05a1
- SHA1
  
  bce78fe671213b28f7ef11d992decac9bb8f9037
- SHA256
  
  ee8671c0d32759c62ef7aa0b4025fcebdf5409619dd280b9e4db59f01d9a4e30
- SHA512
  
  3cd0be68ec7b699a5addb197e7423e6318f65658aedcd90fefe445fcaa6c8fd4a2b6532c60c81a78d958fd73500d57c1ded1f43795c4d7f0c0077d837a81bf39
Score

10^/10

njrat hackked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackkedevasiontrojan

behavioral2

njrathackkedevasiontrojan