njrat | 09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474 | Triage

Sharing

General

Target

09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474
Size

110KB
Sample

221001-3wsmzacef6
MD5

e2244ad72eb4152a062e3eeb5ce1891d
SHA1

abfa32d92c0c32b380080f4ba15fbce5a72afb3e
SHA256

09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474
SHA512

0fbd09fb6ce628c416e0252fcfba5e5323f8c2383dff38dc246ea0f1e8e419d0e2b39af150823455f384442259a2d519e05ad25673bc91a7b3979eb425066d5f
SSDEEP

1536:I08asokr96ISsdi9wMEkDN63QqMOzOIuxUNUnSqo/f2cDTNX3pc4gggYiURpB5Rf:1sFrHSsW6gnXcUnS9fhHh3pHjGH2KgB

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

omarosama123456.ddns.net:1177

Mutex

456cebe97b6e0b79767853fec7f09165

Attributes

reg_key
456cebe97b6e0b79767853fec7f09165
splitter
|'|'|

Targets

- Target
  
  09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474
- Size
  
  110KB
- MD5
  
  e2244ad72eb4152a062e3eeb5ce1891d
- SHA1
  
  abfa32d92c0c32b380080f4ba15fbce5a72afb3e
- SHA256
  
  09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474
- SHA512
  
  0fbd09fb6ce628c416e0252fcfba5e5323f8c2383dff38dc246ea0f1e8e419d0e2b39af150823455f384442259a2d519e05ad25673bc91a7b3979eb425066d5f
- SSDEEP
  
  1536:I08asokr96ISsdi9wMEkDN63QqMOzOIuxUNUnSqo/f2cDTNX3pc4gggYiURpB5Rf:1sFrHSsW6gnXcUnS9fhHh3pHjGH2KgB
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2