njrat | 62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59 | Triage

Sharing

General

Target

62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59
Size

55KB
Sample

210924-gzcv2agbb5
MD5

c88342b7f4b583c47b42dc05640b4056
SHA1

7be1282dcf2ef52f83532eb25217c66ed7084aa5
SHA256

62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59
SHA512

495084793684e208097aa1029b0875f83f57b0187b9bdd11acc99a5028d143c36314ff95796195b453b7558bd58ef99541c516fba61981b08afa739c033fb08c

Score

10^/10

njrat @ hacking by dr west @evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

@ HaCkInG By Dr WeSt @

C2

w187.ddns.net:2020

Mutex

4ef9538b5a577a1bd3c1a578ea50c133

Attributes

reg_key
4ef9538b5a577a1bd3c1a578ea50c133
splitter
|'|'|

Targets

- Target
  
  62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59
- Size
  
  55KB
- MD5
  
  c88342b7f4b583c47b42dc05640b4056
- SHA1
  
  7be1282dcf2ef52f83532eb25217c66ed7084aa5
- SHA256
  
  62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59
- SHA512
  
  495084793684e208097aa1029b0875f83f57b0187b9bdd11acc99a5028d143c36314ff95796195b453b7558bd58ef99541c516fba61981b08afa739c033fb08c
Score

10^/10

njrat @ hacking by dr west @evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat@ hacking by dr west @evasiontrojan

behavioral2

njrat@ hacking by dr west @evasiontrojan