njrat | f1aa781450060f7fb9525e1ba9913c9705b64211238a72934bf671e66f39e5a8 | Triage

Sharing

General

Target

f1aa781450060f7fb9525e1ba9913c9705b64211238a72934bf671e66f39e5a8
Size

124KB
Sample

210228-vc242kd6be
MD5

1de46652d51b32ebf74e6768f57ef6da
SHA1

83021b67f0d2413b512661e92ea476cbff147384
SHA256

f1aa781450060f7fb9525e1ba9913c9705b64211238a72934bf671e66f39e5a8
SHA512

24ef65c6f86ef6c3659e8028743b277c8d6c17adc3ee1735a76548f6594aeb9b262b103014e95624aaac912544158990840f1173d653f8f91a99d27753eb2aa1

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  f1aa781450060f7fb9525e1ba9913c9705b64211238a72934bf671e66f39e5a8
- Size
  
  124KB
- MD5
  
  1de46652d51b32ebf74e6768f57ef6da
- SHA1
  
  83021b67f0d2413b512661e92ea476cbff147384
- SHA256
  
  f1aa781450060f7fb9525e1ba9913c9705b64211238a72934bf671e66f39e5a8
- SHA512
  
  24ef65c6f86ef6c3659e8028743b277c8d6c17adc3ee1735a76548f6594aeb9b262b103014e95624aaac912544158990840f1173d653f8f91a99d27753eb2aa1
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan