njrat | 177f9f3c631ca92707d439f496a2a0b69aa51fbfd856aab74beb105ebb69ec3d | Triage

Sharing

General

Target

177f9f3c631ca92707d439f496a2a0b69aa51fbfd856aab74beb105ebb69ec3d
Size

1.5MB
Sample

210228-bxlm2t2dtx
MD5

ff35e4993b1c740b0372662d81d6f75e
SHA1

b9ce736b318e87f73964c66faa175fe3546703d5
SHA256

177f9f3c631ca92707d439f496a2a0b69aa51fbfd856aab74beb105ebb69ec3d
SHA512

765a982bd099cd796ec08673ee9665544717b06e63cbf85bd02d155c7a32475853f2a6739d8e6c5ae659e764c8c62bdfea631cd3c6a20ffa50293635846ac516

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

165d6ed988ac1dbec1627a1ca9899d84

Attributes

reg_key
165d6ed988ac1dbec1627a1ca9899d84
splitter
|'|'|

Targets

- Target
  
  177f9f3c631ca92707d439f496a2a0b69aa51fbfd856aab74beb105ebb69ec3d
- Size
  
  1.5MB
- MD5
  
  ff35e4993b1c740b0372662d81d6f75e
- SHA1
  
  b9ce736b318e87f73964c66faa175fe3546703d5
- SHA256
  
  177f9f3c631ca92707d439f496a2a0b69aa51fbfd856aab74beb105ebb69ec3d
- SHA512
  
  765a982bd099cd796ec08673ee9665544717b06e63cbf85bd02d155c7a32475853f2a6739d8e6c5ae659e764c8c62bdfea631cd3c6a20ffa50293635846ac516
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedevasiontrojan