njrat | b00cc9a4292fc5cc4ae5371ea1615ec6e49ebaf061dc4eccde84a6f96d95747c | Triage

Sharing

General

Target

b00cc9a4292fc5cc4ae5371ea1615ec6e49ebaf061dc4eccde84a6f96d95747c
Size

301KB
Sample

220128-xkp5tabce3
MD5

544f19284ac70ecd29148c64b8be6553
SHA1

7916ec40bd85d8d9e3de0bcef59547c3b22fc73c
SHA256

b00cc9a4292fc5cc4ae5371ea1615ec6e49ebaf061dc4eccde84a6f96d95747c
SHA512

5cacb64edb0870d9585e152d2d82d2507f9f98b882b97e68f5472bb05592e0aabbcb130a893109f74a18a5d6e726241f6eb6cc95009094064d87b08e9cd50f10

Score

10^/10

njrat cass evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

cass

C2

107.167.244.67:31922

Mutex

cf6e3f95a16ddd65e5d5ff36b6f40c8d

Attributes

reg_key
cf6e3f95a16ddd65e5d5ff36b6f40c8d
splitter
|'|'|

Targets

- Target
  
  b00cc9a4292fc5cc4ae5371ea1615ec6e49ebaf061dc4eccde84a6f96d95747c
- Size
  
  301KB
- MD5
  
  544f19284ac70ecd29148c64b8be6553
- SHA1
  
  7916ec40bd85d8d9e3de0bcef59547c3b22fc73c
- SHA256
  
  b00cc9a4292fc5cc4ae5371ea1615ec6e49ebaf061dc4eccde84a6f96d95747c
- SHA512
  
  5cacb64edb0870d9585e152d2d82d2507f9f98b882b97e68f5472bb05592e0aabbcb130a893109f74a18a5d6e726241f6eb6cc95009094064d87b08e9cd50f10
Score

10^/10

njrat cass evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratcassevasiontrojan

behavioral2

njratcassevasiontrojan