njrat | 7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407 | Triage

Sharing

General

Target

7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407
Size

343KB
Sample

210908-k43h2aebg9
MD5

a4ef9b97bb27e933d21acf408213660e
SHA1

468f1788f892ee364922d4ad89b4015f1cf36a5b
SHA256

7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407
SHA512

db842526085b08d44e2325117defdc37624d9ecfa99f56a38a7ff87af795d8d934d63b46d25d432ae82f5d32fb50cc27be87b5e38a739db06a437bc81b070643

Score

10^/10

njrat sazanxd trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

SAZANXD

C2

20.94.209.182:8080

Mutex

5674c09c7f0c4298faa91f68465c425a

Attributes

reg_key
5674c09c7f0c4298faa91f68465c425a
splitter
|'|'|

Targets

- Target
  
  7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407
- Size
  
  343KB
- MD5
  
  a4ef9b97bb27e933d21acf408213660e
- SHA1
  
  468f1788f892ee364922d4ad89b4015f1cf36a5b
- SHA256
  
  7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407
- SHA512
  
  db842526085b08d44e2325117defdc37624d9ecfa99f56a38a7ff87af795d8d934d63b46d25d432ae82f5d32fb50cc27be87b5e38a739db06a437bc81b070643
Score

10^/10

njrat sazanxd trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratsazanxdtrojan

behavioral2

njratsazanxdtrojan