njrat | 498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e | Triage

Sharing

General

Target

498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e
Size

170KB
Sample

220128-z2w1sseba6
MD5

e0a5d9e9cf600b37eb836aee07906566
SHA1

583aebb976132afd18dd32ed46e14f58eb0ae1b9
SHA256

498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e
SHA512

3544a290acab84a485770ed336b10ca8697b64356d80923533ea5f5c7c27912ff30ef181f67bce761cb366719e3073d98715cd00db72058e38ae4e592269c7af

Score

10^/10

njrat upload c.d.t evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Upload C.D.T

C2

office365update.duckdns.org:2000

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e
- Size
  
  170KB
- MD5
  
  e0a5d9e9cf600b37eb836aee07906566
- SHA1
  
  583aebb976132afd18dd32ed46e14f58eb0ae1b9
- SHA256
  
  498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e
- SHA512
  
  3544a290acab84a485770ed336b10ca8697b64356d80923533ea5f5c7c27912ff30ef181f67bce761cb366719e3073d98715cd00db72058e38ae4e592269c7af
Score

10^/10

njrat upload c.d.t evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratupload c.d.tevasiontrojan