njrat | 7bb2d03443f9d9cbd077e00e6641bba83adc53d9cb733eb8d07fe933d74b7038 | Triage

Sharing

General

Target

7bb2d03443f9d9cbd077e00e6641bba83adc53d9cb733eb8d07fe933d74b7038
Size

214KB
Sample

210228-8gtssv93mn
MD5

1eac514932ad4926c95479423fad7fcd
SHA1

eb23571ff2b397c141eb73e5bcc5ea822cec275d
SHA256

7bb2d03443f9d9cbd077e00e6641bba83adc53d9cb733eb8d07fe933d74b7038
SHA512

14f0a347d1ee6d8d85ab0cc060646c84a503441fb45749d7fde38c79623468b6935330bfbbb83aca3c424521d327f53058420dd311e62ea098871fddf6495a1c

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

165d6ed988ac1dbec1627a1ca9899d84

Attributes

reg_key
165d6ed988ac1dbec1627a1ca9899d84
splitter
|'|'|

Targets

- Target
  
  7bb2d03443f9d9cbd077e00e6641bba83adc53d9cb733eb8d07fe933d74b7038
- Size
  
  214KB
- MD5
  
  1eac514932ad4926c95479423fad7fcd
- SHA1
  
  eb23571ff2b397c141eb73e5bcc5ea822cec275d
- SHA256
  
  7bb2d03443f9d9cbd077e00e6641bba83adc53d9cb733eb8d07fe933d74b7038
- SHA512
  
  14f0a347d1ee6d8d85ab0cc060646c84a503441fb45749d7fde38c79623468b6935330bfbbb83aca3c424521d327f53058420dd311e62ea098871fddf6495a1c
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedevasiontrojan