njrat | 482a76620997037b6109d7cf782ccd75b5b6a754eef86eff9bbf5b604ef34b0f | Triage

Sharing

General

Target

482a76620997037b6109d7cf782ccd75b5b6a754eef86eff9bbf5b604ef34b0f
Size

290KB
Sample

220129-rlkntsbgdl
MD5

f59453d2ff8f29617db23201c568017c
SHA1

d8661b18423c8702e618e5d9583bf208d7d3259f
SHA256

482a76620997037b6109d7cf782ccd75b5b6a754eef86eff9bbf5b604ef34b0f
SHA512

24f73e9a92f07d62f2978ee19f66f2bc33407f19029b5df7e1a01ab4a0bbf4c040c7a7c25383ba197a810833880d0df6224d79af17d826c0fa4134900a06e14e

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hp600.spdns.eu:447

Mutex

34f79db3bf3ee508616c80dd801e45fb

Attributes

reg_key
34f79db3bf3ee508616c80dd801e45fb
splitter
|'|'|

Targets

- Target
  
  482a76620997037b6109d7cf782ccd75b5b6a754eef86eff9bbf5b604ef34b0f
- Size
  
  290KB
- MD5
  
  f59453d2ff8f29617db23201c568017c
- SHA1
  
  d8661b18423c8702e618e5d9583bf208d7d3259f
- SHA256
  
  482a76620997037b6109d7cf782ccd75b5b6a754eef86eff9bbf5b604ef34b0f
- SHA512
  
  24f73e9a92f07d62f2978ee19f66f2bc33407f19029b5df7e1a01ab4a0bbf4c040c7a7c25383ba197a810833880d0df6224d79af17d826c0fa4134900a06e14e
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan