njrat | ab5bfb7c642e59a9c8a6f372ee4847bf5cbc9222ba8a4459997e7cd64cb97145 | Triage

Sharing

General

Target

ab5bfb7c642e59a9c8a6f372ee4847bf5cbc9222ba8a4459997e7cd64cb97145
Size

310KB
Sample

210922-qned6afdcm
MD5

7d800ad9f415b03e6bb9a029fa57a3ec
SHA1

73d737b77a8fea41dad18dc6cdde0892b0dc9796
SHA256

ab5bfb7c642e59a9c8a6f372ee4847bf5cbc9222ba8a4459997e7cd64cb97145
SHA512

5549ec9bdf48419ad8edaceb1120ad4c8ccc0ead7057a7349ca40ccd997c70244eb1c102a4f63e03acd76947a76a0456dc00473458c18509b803451779c5bf0a

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  ab5bfb7c642e59a9c8a6f372ee4847bf5cbc9222ba8a4459997e7cd64cb97145
- Size
  
  310KB
- MD5
  
  7d800ad9f415b03e6bb9a029fa57a3ec
- SHA1
  
  73d737b77a8fea41dad18dc6cdde0892b0dc9796
- SHA256
  
  ab5bfb7c642e59a9c8a6f372ee4847bf5cbc9222ba8a4459997e7cd64cb97145
- SHA512
  
  5549ec9bdf48419ad8edaceb1120ad4c8ccc0ead7057a7349ca40ccd997c70244eb1c102a4f63e03acd76947a76a0456dc00473458c18509b803451779c5bf0a
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan