njrat | 502ccd94a1e7744941ab2bc6ee448107b17d026490cfdf7c02146045088efa18 | Triage

Sharing

General

Target

bK53.exe
Size

23KB
Sample

230316-eqrlqagh24
MD5

bdc8185a8b270395984b7f63f1072107
SHA1

03ff66716e034bd799405fb630d3f334c62534cb
SHA256

502ccd94a1e7744941ab2bc6ee448107b17d026490cfdf7c02146045088efa18
SHA512

e019ccfe2e28c49307e7510c1f9c90b97ffe0313b1c9f18752188bcc5df1265220b28903ae4f68b7c425b8a71b47ac3d7a883722a56aca2c76044904bcb9ab68
SSDEEP

384:fcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZz2:E30py6vhxaRpcnuh

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

0.tcp.sa.ngrok.io:16664

Mutex

d8e3652b6fad72d1254b8eec8a92e129

Attributes

reg_key
d8e3652b6fad72d1254b8eec8a92e129
splitter
|'|'|

Targets

- Target
  
  bK53.exe
- Size
  
  23KB
- MD5
  
  bdc8185a8b270395984b7f63f1072107
- SHA1
  
  03ff66716e034bd799405fb630d3f334c62534cb
- SHA256
  
  502ccd94a1e7744941ab2bc6ee448107b17d026490cfdf7c02146045088efa18
- SHA512
  
  e019ccfe2e28c49307e7510c1f9c90b97ffe0313b1c9f18752188bcc5df1265220b28903ae4f68b7c425b8a71b47ac3d7a883722a56aca2c76044904bcb9ab68
- SSDEEP
  
  384:fcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZz2:E30py6vhxaRpcnuh
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan