njrat | 919022b4d48980a56a1805f80646201ae7312cdf64891c3ac591e7eb33a96973 | Triage

Sharing

General

Target

919022b4d48980a56a1805f80646201ae7312cdf64891c3ac591e7eb33a96973
Size

1.1MB
Sample

210228-tpwgz2fs66
MD5

45b373ced7450861037af028411f1d8a
SHA1

28ec29af913ff03ca829abc0ffdafbfa6fa74b72
SHA256

919022b4d48980a56a1805f80646201ae7312cdf64891c3ac591e7eb33a96973
SHA512

fd18c97d3216928a077aca31b2ca1a80ee78cf674b4b2adedc6073fcb2199f6f79b64f2f981c9f4fff0bf31a6d7fdb388a78487629d175980dabbb29d8bdb05b

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  919022b4d48980a56a1805f80646201ae7312cdf64891c3ac591e7eb33a96973
- Size
  
  1.1MB
- MD5
  
  45b373ced7450861037af028411f1d8a
- SHA1
  
  28ec29af913ff03ca829abc0ffdafbfa6fa74b72
- SHA256
  
  919022b4d48980a56a1805f80646201ae7312cdf64891c3ac591e7eb33a96973
- SHA512
  
  fd18c97d3216928a077aca31b2ca1a80ee78cf674b4b2adedc6073fcb2199f6f79b64f2f981c9f4fff0bf31a6d7fdb388a78487629d175980dabbb29d8bdb05b
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan