njrat | 5dfd79503b19b67052ec060d74e1f2a9a5ee34de74d578c5b4499468bad8f1cb | Triage

Sharing

General

Target

5dfd79503b19b67052ec060d74e1f2a9a5ee34de74d578c5b4499468bad8f1cb
Size

23KB
Sample

220128-zhst2adeb5
MD5

c112da76b3417f20ddd144d0d483df69
SHA1

5e41edc6a1fb46d1278737d66829c35ed8b8c356
SHA256

5dfd79503b19b67052ec060d74e1f2a9a5ee34de74d578c5b4499468bad8f1cb
SHA512

4d61d7d37fcc5923f1e40f3911472c631185ab04716a0f50e62b55e166c25fce362b5795d19edb35d3fff0c5081810eeb51eb5b06d7e5fc455452a1ac98bdd40

Score

10^/10

njrat drooper cdt evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DROOPER CDT

C2

office365update.duckdns.org:5552

Mutex

9da5a4d9d81cbdb68df61cb62ac3a45d

Attributes

reg_key
9da5a4d9d81cbdb68df61cb62ac3a45d
splitter
|'|'|

Targets

- Target
  
  5dfd79503b19b67052ec060d74e1f2a9a5ee34de74d578c5b4499468bad8f1cb
- Size
  
  23KB
- MD5
  
  c112da76b3417f20ddd144d0d483df69
- SHA1
  
  5e41edc6a1fb46d1278737d66829c35ed8b8c356
- SHA256
  
  5dfd79503b19b67052ec060d74e1f2a9a5ee34de74d578c5b4499468bad8f1cb
- SHA512
  
  4d61d7d37fcc5923f1e40f3911472c631185ab04716a0f50e62b55e166c25fce362b5795d19edb35d3fff0c5081810eeb51eb5b06d7e5fc455452a1ac98bdd40
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

drooper cdtnjrat

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan