njrat | 29bd0ab3b7cb939a7def1c4e4bb78c3c9d7e19d580e6292b155e89b13820309f | Triage

Sharing

General

Target

P48274Q89.vbs
Size

872B
Sample

211221-j7wdfscfb3
MD5

028b34eb17d379cf3688e72225cd95da
SHA1

851db5268715999fc8db2d6292096d19e3830d3b
SHA256

29bd0ab3b7cb939a7def1c4e4bb78c3c9d7e19d580e6292b155e89b13820309f
SHA512

8e1be3d7de63e20e5d8737486b123dff598894bab17f15e69e2ac0f648e4d52b81e261aff26657fc4533ed20845d921e8aec1df2333fe8eeb1ab6d0763975405

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

sxeodus12.duckdns.org:5552

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  P48274Q89.vbs
- Size
  
  872B
- MD5
  
  028b34eb17d379cf3688e72225cd95da
- SHA1
  
  851db5268715999fc8db2d6292096d19e3830d3b
- SHA256
  
  29bd0ab3b7cb939a7def1c4e4bb78c3c9d7e19d580e6292b155e89b13820309f
- SHA512
  
  8e1be3d7de63e20e5d8737486b123dff598894bab17f15e69e2ac0f648e4d52b81e261aff26657fc4533ed20845d921e8aec1df2333fe8eeb1ab6d0763975405
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedtrojan