njrat | 01db025f5878054f556dbb972e62ca5ec38a44a2ab9291e53b6cb019e89e3b95 | Triage

Sharing

General

Target

01db025f5878054f556dbb972e62ca5ec38a44a2ab9291e53b6cb019e89e3b95
Size

23KB
Sample

220128-qqnqlsdcgl
MD5

dd5699246b80540dd884a3d605f7be56
SHA1

537ff7480ecbc643193416ca134357d1bef80b42
SHA256

01db025f5878054f556dbb972e62ca5ec38a44a2ab9291e53b6cb019e89e3b95
SHA512

70f5a2651506da39bba368e2c7e1228727cf47737ed64b80700027765a1dae44268fe85ccf6d8ed19f94341808a2dc4028d38b8ee58d0766095729d89849a431

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

supernovaswag.ignorelist.com:5552

Mutex

d0f93c61091a2240aa3fd0d7912b4f59

Attributes

reg_key
d0f93c61091a2240aa3fd0d7912b4f59
splitter
|'|'|

Targets

- Target
  
  01db025f5878054f556dbb972e62ca5ec38a44a2ab9291e53b6cb019e89e3b95
- Size
  
  23KB
- MD5
  
  dd5699246b80540dd884a3d605f7be56
- SHA1
  
  537ff7480ecbc643193416ca134357d1bef80b42
- SHA256
  
  01db025f5878054f556dbb972e62ca5ec38a44a2ab9291e53b6cb019e89e3b95
- SHA512
  
  70f5a2651506da39bba368e2c7e1228727cf47737ed64b80700027765a1dae44268fe85ccf6d8ed19f94341808a2dc4028d38b8ee58d0766095729d89849a431
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan