njrat | abb90463c8ceed4773216ac8f49c35de06e6f25faa1575a38e410af97ef3aa64 | Triage

Sharing

General

Target

a911ec39ff21e50649b6317f55243799.exe
Size

31KB
Sample

211026-sef8hahgd5
MD5

a911ec39ff21e50649b6317f55243799
SHA1

28fed905673ae72831256d68e03f51704668197c
SHA256

abb90463c8ceed4773216ac8f49c35de06e6f25faa1575a38e410af97ef3aa64
SHA512

0bfa4d51707968643dc106ecda59f4c244c22d1bc441740b70e6c3e85b147e1ea40f19d0a63878e0524f09599d6b2a9475f085321dc5f9b0f43fed3917309242

Score

10^/10

njrat sys_bot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Sys_bot

C2

4.tcp.ngrok.io:16142

Mutex

ca3804637eabfb47684db9e4afac4527

Attributes

reg_key
ca3804637eabfb47684db9e4afac4527
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  a911ec39ff21e50649b6317f55243799.exe
- Size
  
  31KB
- MD5
  
  a911ec39ff21e50649b6317f55243799
- SHA1
  
  28fed905673ae72831256d68e03f51704668197c
- SHA256
  
  abb90463c8ceed4773216ac8f49c35de06e6f25faa1575a38e410af97ef3aa64
- SHA512
  
  0bfa4d51707968643dc106ecda59f4c244c22d1bc441740b70e6c3e85b147e1ea40f19d0a63878e0524f09599d6b2a9475f085321dc5f9b0f43fed3917309242
Score

10^/10

njrat sys_bot evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratsys_botevasiontrojan

behavioral2

njratsys_botevasiontrojan