njrat | fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627 | Triage

Sharing

General

Target

fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627
Size

194KB
Sample

220121-3pfd3adcf4
MD5

1bdd22a17a650cff37601bfb7ff5de58
SHA1

728fc6952f1d038bd1fdf01b44c4af05e363a4bb
SHA256

fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627
SHA512

6e7f19d4ff5709a4eccad60005c7c0d466ec395bb0a87da3ccedbea0a5bee2d2098165d3e765f06a1e2cb76387454397a2a68280b3f15a9c50ce2eb6e5c8e3bb

Score

10^/10

njrat vistima trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

VISTIMA

C2

trabajo2019.duckdns.org:2020

Mutex

ef4f7f28c949781a94b69311553c83e5

Attributes

reg_key
ef4f7f28c949781a94b69311553c83e5
splitter
|'|'|

Targets

- Target
  
  fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627
- Size
  
  194KB
- MD5
  
  1bdd22a17a650cff37601bfb7ff5de58
- SHA1
  
  728fc6952f1d038bd1fdf01b44c4af05e363a4bb
- SHA256
  
  fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627
- SHA512
  
  6e7f19d4ff5709a4eccad60005c7c0d466ec395bb0a87da3ccedbea0a5bee2d2098165d3e765f06a1e2cb76387454397a2a68280b3f15a9c50ce2eb6e5c8e3bb
Score

10^/10

njrat vistima trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratvistimatrojan

behavioral2

njratvistimatrojan