njrat | 625b1d03e46f7f850dc9be6aaa27a8d07770049102ecace06cb5326412022265 | Triage

Sharing

General

Target

625b1d03e46f7f850dc9be6aaa27a8d07770049102ecace06cb5326412022265
Size

541KB
Sample

221011-xlsbkaaca9
MD5

61a8e83691cb299b433e8d64d67b9a40
SHA1

0141851caeba0713360c2749a45fff89589c3a96
SHA256

625b1d03e46f7f850dc9be6aaa27a8d07770049102ecace06cb5326412022265
SHA512

b9a449049a3f5c325eec18ff22b4a67825af6e2c593be225225169ee09d6c3985e5e2eca79a145cf8d841d093c943f107b7823f69c653e377124d7ffa819cb5d
SSDEEP

768:/Z1C/HjNmImp8k9RV4+RiHdxOnW5MedsruJDWaS77BKbwexZw32SLg0innjhyVT5:ax/mT9j2WW5MeGD7BKb7+it2N

Score

10^/10

njrat fucked by danger evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Fucked By Danger

C2

127.0.0.1:1991

Mutex

d81f5bf87f47c65c5403827c84b087b7

Attributes

reg_key
d81f5bf87f47c65c5403827c84b087b7
splitter
|'|'|

Targets

- Target
  
  625b1d03e46f7f850dc9be6aaa27a8d07770049102ecace06cb5326412022265
- Size
  
  541KB
- MD5
  
  61a8e83691cb299b433e8d64d67b9a40
- SHA1
  
  0141851caeba0713360c2749a45fff89589c3a96
- SHA256
  
  625b1d03e46f7f850dc9be6aaa27a8d07770049102ecace06cb5326412022265
- SHA512
  
  b9a449049a3f5c325eec18ff22b4a67825af6e2c593be225225169ee09d6c3985e5e2eca79a145cf8d841d093c943f107b7823f69c653e377124d7ffa819cb5d
- SSDEEP
  
  768:/Z1C/HjNmImp8k9RV4+RiHdxOnW5MedsruJDWaS77BKbwexZw32SLg0innjhyVT5:ax/mT9j2WW5MeGD7BKb7+it2N
Score

10^/10

njrat fucked by danger evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratfucked by dangerevasiontrojan

behavioral2