njrat | 0313735280c96410eb3eccff1010df754bb5cdb2ae9b8f621e5851fac5cfd6f0 | Triage

Sharing

General

Target

Web Gallery of Art_September_2021_.bin
Size

631KB
Sample

210909-lw4lssfhe6
MD5

ac237aefbf8e53fbf24b8d1d4b70f10a
SHA1

58f39a15fbd94565c7e63f0b1023a6fd3e4c94b1
SHA256

0313735280c96410eb3eccff1010df754bb5cdb2ae9b8f621e5851fac5cfd6f0
SHA512

aec271ca36c8b85999570bab38c9e5fec71f65df90cfd447c81e9c9cb087c251f9ec2dd56e1df30cb8df13ea107f6187c43efd23cba37cc30a1c842958969eee

Score

10^/10

njrat galary_mon_09_09 trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

Galary_MON_09_09

C2

37.120.141.158:18892

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Web Gallery of Art_September_2021_.bin
- Size
  
  631KB
- MD5
  
  ac237aefbf8e53fbf24b8d1d4b70f10a
- SHA1
  
  58f39a15fbd94565c7e63f0b1023a6fd3e4c94b1
- SHA256
  
  0313735280c96410eb3eccff1010df754bb5cdb2ae9b8f621e5851fac5cfd6f0
- SHA512
  
  aec271ca36c8b85999570bab38c9e5fec71f65df90cfd447c81e9c9cb087c251f9ec2dd56e1df30cb8df13ea107f6187c43efd23cba37cc30a1c842958969eee
Score

10^/10

njrat galary_mon_09_09 trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratgalary_mon_09_09trojan

behavioral2

njratgalary_mon_09_09trojan