njrat | 6c45909d6311f8d356ddc704b27bd975cb3336a7b6e172206165bff613f94a2a | Triage

Sharing

General

Target

6c45909d6311f8d356ddc704b27bd975cb3336a7b6e172206165bff613f94a2a
Size

563KB
Sample

220128-y7j3radbc7
MD5

520d99a761256efa473281d597886d42
SHA1

30fe6c541971404e7d51b0dfd47afd973481286c
SHA256

6c45909d6311f8d356ddc704b27bd975cb3336a7b6e172206165bff613f94a2a
SHA512

6de782abf5b5db8b8215b872fa6015cf78597bf22eacaf6ff2e58cc4af2c166c3f912ae12c2266763189df2f9b0da5aaaa9f0713340205e95c37705a3a320821

Score

10^/10

njrat upload c.d.t evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Upload C.D.T

C2

office365update.duckdns.org:2000

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  6c45909d6311f8d356ddc704b27bd975cb3336a7b6e172206165bff613f94a2a
- Size
  
  563KB
- MD5
  
  520d99a761256efa473281d597886d42
- SHA1
  
  30fe6c541971404e7d51b0dfd47afd973481286c
- SHA256
  
  6c45909d6311f8d356ddc704b27bd975cb3336a7b6e172206165bff613f94a2a
- SHA512
  
  6de782abf5b5db8b8215b872fa6015cf78597bf22eacaf6ff2e58cc4af2c166c3f912ae12c2266763189df2f9b0da5aaaa9f0713340205e95c37705a3a320821
Score

10^/10

njrat upload c.d.t evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratupload c.d.tevasiontrojan

behavioral2

njratupload c.d.tevasiontrojan