njrat | d62f0e86c54f465b93bdab28f2ccc770999db63f8c69c937afcf66f9029eae3f | Triage

Sharing

General

Target

84c34b6c0b92ad5759a512d6846a98b2.exe
Size

31KB
Sample

210507-bqm7een7nj
MD5

84c34b6c0b92ad5759a512d6846a98b2
SHA1

7fa7e252916780fd92615e55626e4bea368c4dbe
SHA256

d62f0e86c54f465b93bdab28f2ccc770999db63f8c69c937afcf66f9029eae3f
SHA512

9737aa7437d3e3dd430903687a8fb560907c481537e202d54d28f76565fdef3a4d0d2f71b29bfc86a1d9ecbba40bdd70582dcba4cf7ba80612dd39d0d4529cc1

Score

10^/10

njrat mybot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

6.tcp.ngrok.io:12194

Mutex

5f00a5bd21bef453c3bb48de1a4c154f

Attributes

reg_key
5f00a5bd21bef453c3bb48de1a4c154f
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  84c34b6c0b92ad5759a512d6846a98b2.exe
- Size
  
  31KB
- MD5
  
  84c34b6c0b92ad5759a512d6846a98b2
- SHA1
  
  7fa7e252916780fd92615e55626e4bea368c4dbe
- SHA256
  
  d62f0e86c54f465b93bdab28f2ccc770999db63f8c69c937afcf66f9029eae3f
- SHA512
  
  9737aa7437d3e3dd430903687a8fb560907c481537e202d54d28f76565fdef3a4d0d2f71b29bfc86a1d9ecbba40bdd70582dcba4cf7ba80612dd39d0d4529cc1
Score

10^/10

njrat mybot evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratmybotevasiontrojan

behavioral2

njratmybotevasiontrojan