njrat | 531a83721a2d3ac3b6e5c46cc5d1157f1a16cee8f499ee4f713f1fdddea8a098 | Triage

Sharing

General

Target

531a83721a2d3ac3b6e5c46cc5d1157f1a16cee8f499ee4f713f1fdddea8a098
Size

2.1MB
Sample

220630-3dh1tacagk
MD5

d59ee7e723f06f5a8b7c09f9a94ec374
SHA1

a25f9abd250c23113cf546f44528f2e7c30eb937
SHA256

531a83721a2d3ac3b6e5c46cc5d1157f1a16cee8f499ee4f713f1fdddea8a098
SHA512

e45f3b1cf906e4a67e2332988adcaf63dbc6e86e4c8986d13591819207e4319bb86b91ac4dd6a4525e6b04284edcf48f2fcb48ee4277b7238406e53f7e8b0cf7

Score

10^/10

njrat driver1.exe evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

driver1.exe

C2

192.168.42.254:5552

Mutex

e36079b13f58a4249aa31dc3586b04c8

Attributes

reg_key
e36079b13f58a4249aa31dc3586b04c8
splitter
|'|'|

Targets

- Target
  
  531a83721a2d3ac3b6e5c46cc5d1157f1a16cee8f499ee4f713f1fdddea8a098
- Size
  
  2.1MB
- MD5
  
  d59ee7e723f06f5a8b7c09f9a94ec374
- SHA1
  
  a25f9abd250c23113cf546f44528f2e7c30eb937
- SHA256
  
  531a83721a2d3ac3b6e5c46cc5d1157f1a16cee8f499ee4f713f1fdddea8a098
- SHA512
  
  e45f3b1cf906e4a67e2332988adcaf63dbc6e86e4c8986d13591819207e4319bb86b91ac4dd6a4525e6b04284edcf48f2fcb48ee4277b7238406e53f7e8b0cf7
Score

10^/10

njrat driver1.exe evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratdriver1.exeevasiontrojan

behavioral2