njrat | 7c0e2d228042abd250597fc95a5b2979cd72d93293bfbe29bb1de6d17fd145b1 | Triage

Sharing

General

Target

7c0e2d228042abd250597fc95a5b2979cd72d93293bfbe29bb1de6d17fd145b1
Size

182KB
Sample

221130-x2a28abc9t
MD5

3f813aba1631a7a5ce2697b9929e459b
SHA1

6f866d5eb7b4e36a4c2854d2a16e70f2560791a2
SHA256

7c0e2d228042abd250597fc95a5b2979cd72d93293bfbe29bb1de6d17fd145b1
SHA512

46940c020a61d7bbe2455df6ecd5d5f112fd2ef476413c7d79223353b1d0b239223a7155956f5ae452d3285bc5ced6e8117c9c6334d6586a1b373ecb57d5c3b7
SSDEEP

3072:7hE1Mmq7x1+iNlp9EqxNZ32GhNvj43sJ/gTQcevUAKen:7i1MT7hp9E+J2GhNXBXMo

Score

10^/10

njrat hackednj trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKedNJ

C2

anunankis1.duckdns.org:1515

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  7c0e2d228042abd250597fc95a5b2979cd72d93293bfbe29bb1de6d17fd145b1
- Size
  
  182KB
- MD5
  
  3f813aba1631a7a5ce2697b9929e459b
- SHA1
  
  6f866d5eb7b4e36a4c2854d2a16e70f2560791a2
- SHA256
  
  7c0e2d228042abd250597fc95a5b2979cd72d93293bfbe29bb1de6d17fd145b1
- SHA512
  
  46940c020a61d7bbe2455df6ecd5d5f112fd2ef476413c7d79223353b1d0b239223a7155956f5ae452d3285bc5ced6e8117c9c6334d6586a1b373ecb57d5c3b7
- SSDEEP
  
  3072:7hE1Mmq7x1+iNlp9EqxNZ32GhNvj43sJ/gTQcevUAKen:7i1MT7hp9E+J2GhNXBXMo
Score

10^/10

njrat hackednj trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackednjtrojan

behavioral2

njrathackednjtrojan