njrat | 5bf23d17dde3b16d144bb5f163de6668e8417ca0413ea3c452c98471ea4b5a07 | Triage

Sharing

General

Target

5bf23d17dde3b16d144bb5f163de6668e8417ca0413ea3c452c98471ea4b5a07
Size

212KB
Sample

210228-eswrk4ntqe
MD5

56e36007e69bf07cfd244cb8d4ea1768
SHA1

4bbca8de8ff9f1a6ce6427a082e072826df6d2fe
SHA256

5bf23d17dde3b16d144bb5f163de6668e8417ca0413ea3c452c98471ea4b5a07
SHA512

0cdca52f9ecae4485f08c407cb766a9cf2516b95f0aed0dd53fca2cceb5671d8b47fa48c9d1f01b73560e490bb6e341a54a83ef610ef546d9b12ff185035c04b

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

165d6ed988ac1dbec1627a1ca9899d84

Attributes

reg_key
165d6ed988ac1dbec1627a1ca9899d84
splitter
|'|'|

Targets

- Target
  
  5bf23d17dde3b16d144bb5f163de6668e8417ca0413ea3c452c98471ea4b5a07
- Size
  
  212KB
- MD5
  
  56e36007e69bf07cfd244cb8d4ea1768
- SHA1
  
  4bbca8de8ff9f1a6ce6427a082e072826df6d2fe
- SHA256
  
  5bf23d17dde3b16d144bb5f163de6668e8417ca0413ea3c452c98471ea4b5a07
- SHA512
  
  0cdca52f9ecae4485f08c407cb766a9cf2516b95f0aed0dd53fca2cceb5671d8b47fa48c9d1f01b73560e490bb6e341a54a83ef610ef546d9b12ff185035c04b
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan