njrat | 19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c | Triage

Sharing

General

Target

19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c
Size

280KB
Sample

221130-pzapnsec31
MD5

a2f3940682dc120a0fb1119c1ed52767
SHA1

8754d2c0fdc28553bdee6e77dfd37e74c9304e7a
SHA256

19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c
SHA512

27e17afa4dd65b7b679df879631ad9444534191fa17b4985cc956dd6baf492e59fa958809b03ca471e4f523e10fc4a95fb80725344bfad07b604e35394670bcb
SSDEEP

6144:2aCHQiRgkktkhvgyFvatu6REsyzBaM577vWremDhU:FCwkgkktkhI8yY6Ral7FmDe

Score

10^/10

njrat byuac evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

byuac

C2

queda2122.ddns.net:90

Mutex

39e10978c4093d381ef3d982b00559c2

Attributes

reg_key
39e10978c4093d381ef3d982b00559c2
splitter
|'|'|

Targets

- Target
  
  19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c
- Size
  
  280KB
- MD5
  
  a2f3940682dc120a0fb1119c1ed52767
- SHA1
  
  8754d2c0fdc28553bdee6e77dfd37e74c9304e7a
- SHA256
  
  19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c
- SHA512
  
  27e17afa4dd65b7b679df879631ad9444534191fa17b4985cc956dd6baf492e59fa958809b03ca471e4f523e10fc4a95fb80725344bfad07b604e35394670bcb
- SSDEEP
  
  6144:2aCHQiRgkktkhvgyFvatu6REsyzBaM577vWremDhU:FCwkgkktkhI8yY6Ral7FmDe
Score

10^/10

njrat byuac evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratbyuacevasiontrojan

behavioral2

njratevasiontrojan