njrat | 7fac1840ad4e66c62cfc1f90ddf1951e6422457555c57048ac987e080a13e14b | Triage

Sharing

General

Target

7fac1840ad4e66c62cfc1f90ddf1951e6422457555c57048ac987e080a13e14b
Size

794KB
Sample

210930-n5sl1aheb7
MD5

4ca8b569fa3d95c9c619135ca8c8f7b3
SHA1

0f3cf76fb9382928c6c8ab19408154fdc6386926
SHA256

7fac1840ad4e66c62cfc1f90ddf1951e6422457555c57048ac987e080a13e14b
SHA512

371c5356bb0cc382505f492ec3dc90340005fe8591c668cc07c25439693e350177588088d753695d0d5258d91a0f8181f390ebcf00983947fe482328f9f64298

Score

10^/10

njrat @ hacking by dr west @evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

@ HaCkInG By Dr WeSt @

Mutex

de3533c5cf00b5a9a0d499054fac5999

Attributes

reg_key
de3533c5cf00b5a9a0d499054fac5999
splitter
|'|'|

Targets

- Target
  
  7fac1840ad4e66c62cfc1f90ddf1951e6422457555c57048ac987e080a13e14b
- Size
  
  794KB
- MD5
  
  4ca8b569fa3d95c9c619135ca8c8f7b3
- SHA1
  
  0f3cf76fb9382928c6c8ab19408154fdc6386926
- SHA256
  
  7fac1840ad4e66c62cfc1f90ddf1951e6422457555c57048ac987e080a13e14b
- SHA512
  
  371c5356bb0cc382505f492ec3dc90340005fe8591c668cc07c25439693e350177588088d753695d0d5258d91a0f8181f390ebcf00983947fe482328f9f64298
Score

10^/10

njrat @ hacking by dr west @evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat@ hacking by dr west @evasiontrojan

behavioral2

njrat@ hacking by dr west @evasiontrojan