njrat | 303424a6536eedb027734b0557a32a064ceb0ed35f225d3f434a010fa13fe106 | Triage

Sharing

General

Target

303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe
Size

342KB
Sample

210926-pp3byaehb6
MD5

ab09790ec8dbb4c257d8a7c0f3a49943
SHA1

1b45a0349f77c7e07b725d32a5a32e80c00eef24
SHA256

303424a6536eedb027734b0557a32a064ceb0ed35f225d3f434a010fa13fe106
SHA512

b420c0e0064de4038ad332316168e59ab88a6ffd63c5ccc1eb36c7b29a2b449591fc0af0557399e9677d8a503302c9e50ccf060f56e7c971cfe0d6ebeb814db3

Score

10^/10

njrat bayramm evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

BAYRAMM

C2

cihan05.duckdns.org:1981

Mutex

47da9b71ec9839dd4ca48977f70dcfda

Attributes

reg_key
47da9b71ec9839dd4ca48977f70dcfda
splitter
|'|'|

Targets

- Target
  
  303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe
- Size
  
  342KB
- MD5
  
  ab09790ec8dbb4c257d8a7c0f3a49943
- SHA1
  
  1b45a0349f77c7e07b725d32a5a32e80c00eef24
- SHA256
  
  303424a6536eedb027734b0557a32a064ceb0ed35f225d3f434a010fa13fe106
- SHA512
  
  b420c0e0064de4038ad332316168e59ab88a6ffd63c5ccc1eb36c7b29a2b449591fc0af0557399e9677d8a503302c9e50ccf060f56e7c971cfe0d6ebeb814db3
Score

10^/10

njrat bayramm evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratbayrammevasiontrojan

behavioral2

njratbayrammevasiontrojan