njrat | 0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0 | Triage

Sharing

General

Target

0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0
Size

29KB
Sample

220630-ydw58aacfj
MD5

0b91736e6d90f5b55e04882d0cedfa48
SHA1

c15bdf3df0a9eb1d7ffe88c9175f28e9687e6053
SHA256

0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0
SHA512

b4b5a02c2b053790867dea292d60a610ae360a4356784660bf5c2770c38b18ab7468049d0c029dacbe3ae3aec615aa78a09e5755691207e7d08ba34c0bcab69a

Score

10^/10

njrat njrat.exe evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

njRAT.exe

C2

127.0.0.1:1177

Mutex

89a4044a39e7e8c50d4a0ae14faa4dbf

Attributes

reg_key
89a4044a39e7e8c50d4a0ae14faa4dbf
splitter
|'|'|

Targets

- Target
  
  0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0
- Size
  
  29KB
- MD5
  
  0b91736e6d90f5b55e04882d0cedfa48
- SHA1
  
  c15bdf3df0a9eb1d7ffe88c9175f28e9687e6053
- SHA256
  
  0b2aef8463fb5a82c4946f071aa0343c562ddab2fcdc82b8147a9e29a79d79e0
- SHA512
  
  b4b5a02c2b053790867dea292d60a610ae360a4356784660bf5c2770c38b18ab7468049d0c029dacbe3ae3aec615aa78a09e5755691207e7d08ba34c0bcab69a
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2