njrat | b7f5245002784627da1996be95b0e18abd73df0da01cbb268e39c5d39f04f4e8 | Triage

Sharing

General

Target

tmp/603fc39a-a94f-4607-a68c-cdfe8e403c95_1643.exe
Size

23KB
Sample

211216-wg955sdcgk
MD5

558d83545b3096f901e84dd00bccd9e8
SHA1

f8a62eb35a55307eaea56a4d689b1d9e68e303ea
SHA256

b7f5245002784627da1996be95b0e18abd73df0da01cbb268e39c5d39f04f4e8
SHA512

af4bcdb32071d2aef39fbe71f54466af07eb788ba9494af7f7937c93ac77cf341465bb733a0ba587f12606dc4c114d81293ae287f2041c8df0c3539bb3ce857d

Score

10^/10

njrat coooooin evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

COOOOOin

C2

facebook-sports.publicvm.com:1643

Mutex

c594020b32b858bc072fb76065d697d0

Attributes

reg_key
c594020b32b858bc072fb76065d697d0
splitter
|'|'|

Targets

- Target
  
  tmp/603fc39a-a94f-4607-a68c-cdfe8e403c95_1643.exe
- Size
  
  23KB
- MD5
  
  558d83545b3096f901e84dd00bccd9e8
- SHA1
  
  f8a62eb35a55307eaea56a4d689b1d9e68e303ea
- SHA256
  
  b7f5245002784627da1996be95b0e18abd73df0da01cbb268e39c5d39f04f4e8
- SHA512
  
  af4bcdb32071d2aef39fbe71f54466af07eb788ba9494af7f7937c93ac77cf341465bb733a0ba587f12606dc4c114d81293ae287f2041c8df0c3539bb3ce857d
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan