njrat | b38b021a1c25c05b6817a52e0ad8b36a8b64000db99e1b066114b30e28084998 | Triage

Sharing

General

Target

b38b021a1c25c05b6817a52e0ad8b36a8b64000db99e1b066114b30e28084998
Size

83KB
Sample

221028-2zmepabdhj
MD5

0acd52a5eca19fdfd3c23682a1565500
SHA1

c040443641a2c61b5b67fc3ad235f38cad4d7089
SHA256

b38b021a1c25c05b6817a52e0ad8b36a8b64000db99e1b066114b30e28084998
SHA512

bdef13b46a37007330ecb2c3570eda3f3db3fad138a70f91cbbaf1e1563188e7485106048f79aca92d8396a6a5bf37c75a97592fdd2ebcd7aae363fd057a9ba0
SSDEEP

1536:OOdnis2oXPfq+ZCcXrz5izuVId/eVtF/1YadXenbooNPqc3soAI3QN0qSS:OOdnis2oX3q+Mcb11Y/e/F/1YSU5NPqV

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

xplackx.no-ip.biz:1177

Mutex

08f4dc96bbb7af09d1a37fe35c75a42f

Attributes

reg_key
08f4dc96bbb7af09d1a37fe35c75a42f
splitter
|'|'|

Targets

- Target
  
  b38b021a1c25c05b6817a52e0ad8b36a8b64000db99e1b066114b30e28084998
- Size
  
  83KB
- MD5
  
  0acd52a5eca19fdfd3c23682a1565500
- SHA1
  
  c040443641a2c61b5b67fc3ad235f38cad4d7089
- SHA256
  
  b38b021a1c25c05b6817a52e0ad8b36a8b64000db99e1b066114b30e28084998
- SHA512
  
  bdef13b46a37007330ecb2c3570eda3f3db3fad138a70f91cbbaf1e1563188e7485106048f79aca92d8396a6a5bf37c75a97592fdd2ebcd7aae363fd057a9ba0
- SSDEEP
  
  1536:OOdnis2oXPfq+ZCcXrz5izuVId/eVtF/1YadXenbooNPqc3soAI3QN0qSS:OOdnis2oX3q+Mcb11Y/e/F/1YSU5NPqV
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedtrojan