njrat | e80b7525c04cf98d2bb872559472d9d98f803cb43d02dd45c219c8b2f69ad02f | Triage

Sharing

General

Target

cc579df05cc94213fa649e5e6a7bb249.exe
Size

37KB
Sample

211230-sha6nagab4
MD5

cc579df05cc94213fa649e5e6a7bb249
SHA1

231683a72b0a4406b177ea62a45b2b06c37acfb9
SHA256

e80b7525c04cf98d2bb872559472d9d98f803cb43d02dd45c219c8b2f69ad02f
SHA512

dc63ba9c154fad079f6ef9d5de9a0b1ee5919d1cf64dcd54f2563069efd56685d374aacc9d197a9ac69494781e492133f7459e87516e3827c3eb6c944756c0dc

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

80.64.80.233:8007

Mutex

abbc667e1c50def29b48feb179075d94

Attributes

reg_key
abbc667e1c50def29b48feb179075d94
splitter
|'|'|

Targets

- Target
  
  cc579df05cc94213fa649e5e6a7bb249.exe
- Size
  
  37KB
- MD5
  
  cc579df05cc94213fa649e5e6a7bb249
- SHA1
  
  231683a72b0a4406b177ea62a45b2b06c37acfb9
- SHA256
  
  e80b7525c04cf98d2bb872559472d9d98f803cb43d02dd45c219c8b2f69ad02f
- SHA512
  
  dc63ba9c154fad079f6ef9d5de9a0b1ee5919d1cf64dcd54f2563069efd56685d374aacc9d197a9ac69494781e492133f7459e87516e3827c3eb6c944756c0dc
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan