njrat | 0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522

General

Target

0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522
Size

7KB
Sample

210913-v2byeaebf6
MD5

0152ba660d23a2bb6edda5078fc936fa
SHA1

253c14c6dd3e5aaa224b2cb6bfc9a53012896776
SHA256

0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522
SHA512

8c2dbe5d3dce477f24d80b2221bc3ebd48bdc923bb599758e116ef4db05f91c392e484e0f46e072809108d11fc7433481f01b3f7d7a0e184114daad8ee5ab666

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/835468911642279977/886054903166947418/Dragon.jpg

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

d3dx-botnet.portmap.host:7276

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522
- Size
  
  7KB
- MD5
  
  0152ba660d23a2bb6edda5078fc936fa
- SHA1
  
  253c14c6dd3e5aaa224b2cb6bfc9a53012896776
- SHA256
  
  0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522
- SHA512
  
  8c2dbe5d3dce477f24d80b2221bc3ebd48bdc923bb599758e116ef4db05f91c392e484e0f46e072809108d11fc7433481f01b3f7d7a0e184114daad8ee5ab666
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Blocklisted process makes network request

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2