njrat | 709f5f91598f05591278bf42365daf636148c58f5eb7788958e0f008cea56e76 | Triage

Sharing

General

Target

7d144e1188682f25888c3df5e5891e2c.exe
Size

37KB
Sample

211204-jgeysaddh2
MD5

7d144e1188682f25888c3df5e5891e2c
SHA1

1a291404e2cbb9322d80916bebd71d0703761e31
SHA256

709f5f91598f05591278bf42365daf636148c58f5eb7788958e0f008cea56e76
SHA512

fe89abf316f147b5ce12e90febc85d1c0556b848385e4ab1eec295449cc6b6ad696db6ea76e460dcd9a5fa5cabcfb4c1d9c90bd5f68659086e7d1009af8859f1

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

2469e692684be56202e21f78f64bc45b

Attributes

reg_key
2469e692684be56202e21f78f64bc45b
splitter
|'|'|

Targets

- Target
  
  7d144e1188682f25888c3df5e5891e2c.exe
- Size
  
  37KB
- MD5
  
  7d144e1188682f25888c3df5e5891e2c
- SHA1
  
  1a291404e2cbb9322d80916bebd71d0703761e31
- SHA256
  
  709f5f91598f05591278bf42365daf636148c58f5eb7788958e0f008cea56e76
- SHA512
  
  fe89abf316f147b5ce12e90febc85d1c0556b848385e4ab1eec295449cc6b6ad696db6ea76e460dcd9a5fa5cabcfb4c1d9c90bd5f68659086e7d1009af8859f1
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan