njrat | 84e695d98db088f08fc5ec25dff225ac2e2fb23926ae3627a54a40f258c05bb2 | Triage

Sharing

General

Target

84e695d98db088f08fc5ec25dff225ac2e2fb23926ae3627a54a40f258c05bb2
Size

949KB
Sample

221127-f3vdtacc94
MD5

5772aeab066ef7b5e603a85a099c68ea
SHA1

4bb09277b95884a0697c1d273cd80b318f178e40
SHA256

84e695d98db088f08fc5ec25dff225ac2e2fb23926ae3627a54a40f258c05bb2
SHA512

59474ddeeef3fd5f8d9eacc4a834cf1031151a1ae480b5f62721ca01e35b23875fc55d2b2415b4bd2560e837d8f6668175ebbacd5909ebad1267bdcbc7b64e0c
SSDEEP

24576:e9HWjvDzsdKeDzP8ylUFsgodcDE2VAuFl25:++sdKe/kylUaSEKA35

Score

10^/10

njrat cs agilenet evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

CS

C2

185.84.181.76:7777

Mutex

478c00e39fc244a542ec45ecc8f8c475

Attributes

reg_key
478c00e39fc244a542ec45ecc8f8c475
splitter
|'|'|

Targets

- Target
  
  84e695d98db088f08fc5ec25dff225ac2e2fb23926ae3627a54a40f258c05bb2
- Size
  
  949KB
- MD5
  
  5772aeab066ef7b5e603a85a099c68ea
- SHA1
  
  4bb09277b95884a0697c1d273cd80b318f178e40
- SHA256
  
  84e695d98db088f08fc5ec25dff225ac2e2fb23926ae3627a54a40f258c05bb2
- SHA512
  
  59474ddeeef3fd5f8d9eacc4a834cf1031151a1ae480b5f62721ca01e35b23875fc55d2b2415b4bd2560e837d8f6668175ebbacd5909ebad1267bdcbc7b64e0c
- SSDEEP
  
  24576:e9HWjvDzsdKeDzP8ylUFsgodcDE2VAuFl25:++sdKe/kylUaSEKA35
Score

10^/10

njrat cs evasion trojan
- UAC bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratcsevasiontrojan

behavioral2

njratcsevasiontrojan