njrat | b12ec6a5428e2e0ad05b0114bf9e1b0ebdb27c064f9a924351ea5e705a69fdaa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b12ec6a5428e2e0ad05b0114bf9e1b0ebdb27c064f9a924351ea5e705a69fdaa
Size

382KB
Sample

221029-12am8shbf6
MD5

84567b4ad6f7b699d318b5e00df0e9d0
SHA1

45a360bd87275f205e671e979770989f2cc2286d
SHA256

b12ec6a5428e2e0ad05b0114bf9e1b0ebdb27c064f9a924351ea5e705a69fdaa
SHA512

dd56cff49edb08083a994213ebf122f36522146c42a14d2451c1b26714d42ac5de363ec608b3ef1c75524d4ceebbf62f6617ce0366a00c8995b67c67821fef7b
SSDEEP

6144:zgMtqagCr6nGamX4HBtNGRzSphOaLwK7aUwM5l:tZgCr6VzGVS3O/cqul

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

wafe000wafe.no-ip.org:1177

Mutex

e6e68c3a02496eeeacaee938f64902d5

Attributes

reg_key
e6e68c3a02496eeeacaee938f64902d5
splitter
|'|'|

Targets

- Target
  
  b12ec6a5428e2e0ad05b0114bf9e1b0ebdb27c064f9a924351ea5e705a69fdaa
- Size
  
  382KB
- MD5
  
  84567b4ad6f7b699d318b5e00df0e9d0
- SHA1
  
  45a360bd87275f205e671e979770989f2cc2286d
- SHA256
  
  b12ec6a5428e2e0ad05b0114bf9e1b0ebdb27c064f9a924351ea5e705a69fdaa
- SHA512
  
  dd56cff49edb08083a994213ebf122f36522146c42a14d2451c1b26714d42ac5de363ec608b3ef1c75524d4ceebbf62f6617ce0366a00c8995b67c67821fef7b
- SSDEEP
  
  6144:zgMtqagCr6nGamX4HBtNGRzSphOaLwK7aUwM5l:tZgCr6VzGVS3O/cqul
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2