njrat | 6bb3c42d9ed6d25bd82fa8568cee962b6e10edddc38bc5273e97e5128872ae39 | Triage

Sharing

General

Target

6bb3c42d9ed6d25bd82fa8568cee962b6e10edddc38bc5273e97e5128872ae39
Size

169KB
Sample

220129-shh69sceaq
MD5

d3c8ecf591381b31d3aa796471b5b0f1
SHA1

efb8b908c614ef0dc791e53ad579485bc6f5e33b
SHA256

6bb3c42d9ed6d25bd82fa8568cee962b6e10edddc38bc5273e97e5128872ae39
SHA512

a49d1bef7ae6e40809efe3055a78ef5d2b8c8ecbafc4499c834c80c4ad7cd1aa839e9a0914902e86b1307324b4b3d8c5f097a741ec598f1a8dd333276d54748a

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hackteam1.spdns.de:448

Mutex

ee43fb1332f52f77309d2a27f7deccfc

Attributes

reg_key
ee43fb1332f52f77309d2a27f7deccfc
splitter
|'|'|

Targets

- Target
  
  6bb3c42d9ed6d25bd82fa8568cee962b6e10edddc38bc5273e97e5128872ae39
- Size
  
  169KB
- MD5
  
  d3c8ecf591381b31d3aa796471b5b0f1
- SHA1
  
  efb8b908c614ef0dc791e53ad579485bc6f5e33b
- SHA256
  
  6bb3c42d9ed6d25bd82fa8568cee962b6e10edddc38bc5273e97e5128872ae39
- SHA512
  
  a49d1bef7ae6e40809efe3055a78ef5d2b8c8ecbafc4499c834c80c4ad7cd1aa839e9a0914902e86b1307324b4b3d8c5f097a741ec598f1a8dd333276d54748a
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2