njrat | 0e989bf575a13cc2c5e7cc71312f96ec780ede1a1e0019dded1d6a179dd4d686 | Triage

Sharing

General

Target

0e989bf575a13cc2c5e7cc71312f96ec780ede1a1e0019dded1d6a179dd4d686
Size

88KB
Sample

220630-wl77cagha9
MD5

0f904904e79cca463776aaa19faeb56e
SHA1

68afb1fd3dde4c7c2812b45fac00df770741648e
SHA256

0e989bf575a13cc2c5e7cc71312f96ec780ede1a1e0019dded1d6a179dd4d686
SHA512

2f6d0ef343c463f3542dc0983e9dbf78865bde83a774b3979bc921bdb3bdd806950097728250e473161eff3d96c1f7b99bc874c2202033221b642150c70b0010

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hacker1236.hoto.org:5552

Mutex

89665a93f568180046195511437d7e10

Attributes

reg_key
89665a93f568180046195511437d7e10
splitter
|'|'|

Targets

- Target
  
  0e989bf575a13cc2c5e7cc71312f96ec780ede1a1e0019dded1d6a179dd4d686
- Size
  
  88KB
- MD5
  
  0f904904e79cca463776aaa19faeb56e
- SHA1
  
  68afb1fd3dde4c7c2812b45fac00df770741648e
- SHA256
  
  0e989bf575a13cc2c5e7cc71312f96ec780ede1a1e0019dded1d6a179dd4d686
- SHA512
  
  2f6d0ef343c463f3542dc0983e9dbf78865bde83a774b3979bc921bdb3bdd806950097728250e473161eff3d96c1f7b99bc874c2202033221b642150c70b0010
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njratevasiontrojan