njrat | a91381bad3f5ef7eb1a95dc7d89dd60dccc6a80389b29c524fb84913b71e1bf2 | Triage

Sharing

General

Target

a91381bad3f5ef7eb1a95dc7d89dd60dccc6a80389b29c524fb84913b71e1bf2
Size

135KB
Sample

221125-3lphkafa67
MD5

b61d8d07574e0650adb25bdf1c3e6c5f
SHA1

1cc33ddb775273ba5f1639dfff2344d78af65d1d
SHA256

a91381bad3f5ef7eb1a95dc7d89dd60dccc6a80389b29c524fb84913b71e1bf2
SHA512

ba82dd009e2321039ad20b2ce5794f530e4c3ff7659d6217505f20722a7a5f5648be8fde3df06d4e7558878eeca15adfbde7eba3a2398105832fcfe521508be4
SSDEEP

768:5qW4V6+yDRpcnugrnskz+09lQk4GzjV0XEc2JP1iK2SwX7R81yqBP:gW4VcDRWugL/SclQBY50XvUP1R1fF

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked

C2

maistro.no-ip.org:1177

Mutex

89858a26c3b4f367dbcfa95959e39d35

Attributes

reg_key
89858a26c3b4f367dbcfa95959e39d35
splitter
|'|'|

Targets

- Target
  
  a91381bad3f5ef7eb1a95dc7d89dd60dccc6a80389b29c524fb84913b71e1bf2
- Size
  
  135KB
- MD5
  
  b61d8d07574e0650adb25bdf1c3e6c5f
- SHA1
  
  1cc33ddb775273ba5f1639dfff2344d78af65d1d
- SHA256
  
  a91381bad3f5ef7eb1a95dc7d89dd60dccc6a80389b29c524fb84913b71e1bf2
- SHA512
  
  ba82dd009e2321039ad20b2ce5794f530e4c3ff7659d6217505f20722a7a5f5648be8fde3df06d4e7558878eeca15adfbde7eba3a2398105832fcfe521508be4
- SSDEEP
  
  768:5qW4V6+yDRpcnugrnskz+09lQk4GzjV0XEc2JP1iK2SwX7R81yqBP:gW4VcDRWugL/SclQBY50XvUP1R1fF
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacked evasiontrojan

behavioral2