njrat | 1c604e040c04be9fad3129d7bd9c69b7f8057050b2002605dde1f5e60817f89a | Triage

Sharing

General

Target

1c604e040c04be9fad3129d7bd9c69b7f8057050b2002605dde1f5e60817f89a
Size

23KB
Sample

220128-1247vafbh2
MD5

60a74fa453a8a2f8516ccb0c459883cd
SHA1

ab4cb48bb3653e8d3ef5ffa7a0437560ba2a1120
SHA256

1c604e040c04be9fad3129d7bd9c69b7f8057050b2002605dde1f5e60817f89a
SHA512

a0fe1c61001a26ba21508b5c40809077b898e0c29564e454b3c743debb3be4602900d80b0b035401f92d5d4a1ca98190dcbbb53118f36793624b1cad13e1b4d2

Score

10^/10

njrat drooper cdt evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DROOPER CDT

C2

office365update.duckdns.org:5552

Mutex

9da5a4d9d81cbdb68df61cb62ac3a45d

Attributes

reg_key
9da5a4d9d81cbdb68df61cb62ac3a45d
splitter
|'|'|

Targets

- Target
  
  1c604e040c04be9fad3129d7bd9c69b7f8057050b2002605dde1f5e60817f89a
- Size
  
  23KB
- MD5
  
  60a74fa453a8a2f8516ccb0c459883cd
- SHA1
  
  ab4cb48bb3653e8d3ef5ffa7a0437560ba2a1120
- SHA256
  
  1c604e040c04be9fad3129d7bd9c69b7f8057050b2002605dde1f5e60817f89a
- SHA512
  
  a0fe1c61001a26ba21508b5c40809077b898e0c29564e454b3c743debb3be4602900d80b0b035401f92d5d4a1ca98190dcbbb53118f36793624b1cad13e1b4d2
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

drooper cdtnjrat

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan