njrat | e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df | Triage

Sharing

General

Target

e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df
Size

243KB
Sample

221003-awlv7safak
MD5

6b695a7b241359cba5a4e94751902d90
SHA1

684bde72a7a20d6db8f7d81e6f6dadfd9b8a44ab
SHA256

e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df
SHA512

93e406ec9ba9d91f5878989d7973817b6eac75d0d13a80920e4fd9f669619ea4e54038970b30691ad049775f838b646915d84f3cab127d4cfcbe6a4cfdf0deba
SSDEEP

6144:GWzpIiSxD3vAJVbG+KxRTnGeM8GCsMbH6eKKN:XzCiOrIFbK3aerZjK

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

toshiba.no-ip.biz:1177

Mutex

5f7f79738df89bca155327b166914425

Attributes

reg_key
5f7f79738df89bca155327b166914425
splitter
|'|'|

Targets

- Target
  
  e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df
- Size
  
  243KB
- MD5
  
  6b695a7b241359cba5a4e94751902d90
- SHA1
  
  684bde72a7a20d6db8f7d81e6f6dadfd9b8a44ab
- SHA256
  
  e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df
- SHA512
  
  93e406ec9ba9d91f5878989d7973817b6eac75d0d13a80920e4fd9f669619ea4e54038970b30691ad049775f838b646915d84f3cab127d4cfcbe6a4cfdf0deba
- SSDEEP
  
  6144:GWzpIiSxD3vAJVbG+KxRTnGeM8GCsMbH6eKKN:XzCiOrIFbK3aerZjK
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2