njrat | 8097383fc8d67a40c647b8e892fc7a28a68dc82fa16f51303ae99a5e82c61969 | Triage

Sharing

General

Target

8097383fc8d67a40c647b8e892fc7a28a68dc82fa16f51303ae99a5e82c61969
Size

919KB
Sample

220625-mmrfjsgfgm
MD5

396b59946e1211f68e52677de66ccbc6
SHA1

fd051f956b1a6764945464666395b077f2ea5462
SHA256

8097383fc8d67a40c647b8e892fc7a28a68dc82fa16f51303ae99a5e82c61969
SHA512

65030131559f23b61503da19e5725527847247d349022441f07dfdb47a58085484f2825624a6a9feb8bbfe0048a46bd37afe73cd409262bcbbfdd9df538a4712

Score

10^/10

njrat fourth#4 evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fourth#4

C2

soft98.linkpc.net:5550

Mutex

10e93180d6481ad63a77c2b255d40864

Attributes

reg_key
10e93180d6481ad63a77c2b255d40864
splitter
|'|'|

Targets

- Target
  
  8097383fc8d67a40c647b8e892fc7a28a68dc82fa16f51303ae99a5e82c61969
- Size
  
  919KB
- MD5
  
  396b59946e1211f68e52677de66ccbc6
- SHA1
  
  fd051f956b1a6764945464666395b077f2ea5462
- SHA256
  
  8097383fc8d67a40c647b8e892fc7a28a68dc82fa16f51303ae99a5e82c61969
- SHA512
  
  65030131559f23b61503da19e5725527847247d349022441f07dfdb47a58085484f2825624a6a9feb8bbfe0048a46bd37afe73cd409262bcbbfdd9df538a4712
Score

10^/10

njrat fourth#4 evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratfourth#4evasiontrojan

behavioral2

njratfourth#4evasiontrojan