njrat | abb90463c8ceed4773216ac8f49c35de06e6f25faa1575a38e410af97ef3aa64 | Triage

Sharing

General

Target

a911ec39ff21e50649b6317f55243799.exe
Size

31KB
Sample

211026-sef8hahgd5
MD5

a911ec39ff21e50649b6317f55243799
SHA1

28fed905673ae72831256d68e03f51704668197c
SHA256

abb90463c8ceed4773216ac8f49c35de06e6f25faa1575a38e410af97ef3aa64
SHA512

0bfa4d51707968643dc106ecda59f4c244c22d1bc441740b70e6c3e85b147e1ea40f19d0a63878e0524f09599d6b2a9475f085321dc5f9b0f43fed3917309242

Score

10^/10

njrat sys_bot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Sys_bot

C2

4.tcp.ngrok.io:16142

Mutex

ca3804637eabfb47684db9e4afac4527

Attributes

reg_key
ca3804637eabfb47684db9e4afac4527
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  a911ec39ff21e50649b6317f55243799.exe
- Size
  
  31KB
- MD5
  
  a911ec39ff21e50649b6317f55243799
- SHA1
  
  28fed905673ae72831256d68e03f51704668197c
- SHA256
  
  abb90463c8ceed4773216ac8f49c35de06e6f25faa1575a38e410af97ef3aa64
- SHA512
  
  0bfa4d51707968643dc106ecda59f4c244c22d1bc441740b70e6c3e85b147e1ea40f19d0a63878e0524f09599d6b2a9475f085321dc5f9b0f43fed3917309242
Score

10^/10

njrat sys_bot evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratsys_botevasiontrojan

behavioral2

njratsys_botevasiontrojan