njrat | 78b5fb7cbde356e0620afee36e4908e1985fbe17aaf30eaa896ecdf7c5f10f0b | Triage

Sharing

General

Target

289bce792735d436f48355e55ea0276f.exe
Size

246KB
Sample

211026-qsyzcshfa5
MD5

289bce792735d436f48355e55ea0276f
SHA1

1438cd6b0e96ee1b6d9d3d17e3bc0177c9034ed8
SHA256

78b5fb7cbde356e0620afee36e4908e1985fbe17aaf30eaa896ecdf7c5f10f0b
SHA512

f7216462891aa8937a0d512f6219c0b180ff5582494d0a54b093ca7cc65ae75665a1d2f5faec6ff916fe8d79ee179ffd10ae432a1d8c8aa58c09f6c9c4e6bfa2

Score

10^/10

njrat ------(xxx)------trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

------(XxX)------

C2

new.libya2020.com.ly:2020

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  289bce792735d436f48355e55ea0276f.exe
- Size
  
  246KB
- MD5
  
  289bce792735d436f48355e55ea0276f
- SHA1
  
  1438cd6b0e96ee1b6d9d3d17e3bc0177c9034ed8
- SHA256
  
  78b5fb7cbde356e0620afee36e4908e1985fbe17aaf30eaa896ecdf7c5f10f0b
- SHA512
  
  f7216462891aa8937a0d512f6219c0b180ff5582494d0a54b093ca7cc65ae75665a1d2f5faec6ff916fe8d79ee179ffd10ae432a1d8c8aa58c09f6c9c4e6bfa2
Score

10^/10

njrat ------(xxx)------trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njrat------(xxx)------trojan