njrat | 4a183fbaec91da7af2f941017c57d7b0d954adbc927dba46b7f2e163c5d2bce8 | Triage

Sharing

General

Target

4a183fbaec91da7af2f941017c57d7b0d954adbc927dba46b7f2e163c5d2bce8
Size

1021KB
Sample

221127-q49j8sca75
MD5

47a971baa7a684b11c8ab5306bfffc89
SHA1

1d2b46510885fb929f8987b3f080c3588a00038d
SHA256

4a183fbaec91da7af2f941017c57d7b0d954adbc927dba46b7f2e163c5d2bce8
SHA512

922e40ca44221ad926df66e72644bcae451d867c8ba3cc2c4f6062f8aac81434a69b2b5e0114202f5d9a6b31700caab1c16799a8fab5973d8153338c1138d3e8
SSDEEP

12288:Pu/tVlZBDslJEu5dzwLCfDNXsmjjHqLWdpG1xaAViCjAhNKL42vS:UdIXEu5dDjjHqqXG1xBViCINJoS

Score

10^/10

njrat cs agilenet evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

CS

C2

185.84.181.76:7777

Mutex

478c00e39fc244a542ec45ecc8f8c475

Attributes

reg_key
478c00e39fc244a542ec45ecc8f8c475
splitter
|'|'|

Targets

- Target
  
  4a183fbaec91da7af2f941017c57d7b0d954adbc927dba46b7f2e163c5d2bce8
- Size
  
  1021KB
- MD5
  
  47a971baa7a684b11c8ab5306bfffc89
- SHA1
  
  1d2b46510885fb929f8987b3f080c3588a00038d
- SHA256
  
  4a183fbaec91da7af2f941017c57d7b0d954adbc927dba46b7f2e163c5d2bce8
- SHA512
  
  922e40ca44221ad926df66e72644bcae451d867c8ba3cc2c4f6062f8aac81434a69b2b5e0114202f5d9a6b31700caab1c16799a8fab5973d8153338c1138d3e8
- SSDEEP
  
  12288:Pu/tVlZBDslJEu5dzwLCfDNXsmjjHqLWdpG1xaAViCjAhNKL42vS:UdIXEu5dDjjHqqXG1xBViCINJoS
Score

10^/10

njrat cs evasion trojan
- UAC bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratcsevasiontrojan

behavioral2

njratcsevasiontrojan