njrat | 846c121840d5733fc9ffed9baf40ef76dad6011ee88f8382b828df3aa61e2a22

General

Target

RSOAW_#010.vbs
Size

1KB
Sample

211123-ynn8csecf6
MD5

1a82973cdecd6bd1a070e0b14fb9210f
SHA1

97b096ff116dd27bc2a20f5c58c87b03d6b1e7ff
SHA256

846c121840d5733fc9ffed9baf40ef76dad6011ee88f8382b828df3aa61e2a22
SHA512

09c473a93334b970599bfe26a3e0936d85c34ef0f711ce82bf2640a145601463686812c04962f38460bef025035cf524aac187185b51ffeb95c91fb99b7cc49c

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://fs12n2.sendspace.com/dlpro/de7e01fb2feeae8700b438a36e907097/619d05a0/jnmrpk/eyuow.txt

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Targets

- Target
  
  RSOAW_#010.vbs
- Size
  
  1KB
- MD5
  
  1a82973cdecd6bd1a070e0b14fb9210f
- SHA1
  
  97b096ff116dd27bc2a20f5c58c87b03d6b1e7ff
- SHA256
  
  846c121840d5733fc9ffed9baf40ef76dad6011ee88f8382b828df3aa61e2a22
- SHA512
  
  09c473a93334b970599bfe26a3e0936d85c34ef0f711ce82bf2640a145601463686812c04962f38460bef025035cf524aac187185b51ffeb95c91fb99b7cc49c
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Blocklisted process makes network request

Modifies Windows Firewall

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2