njrat | 502ccd94a1e7744941ab2bc6ee448107b17d026490cfdf7c02146045088efa18 | Triage

Sharing

General

Target

bK53.exe
Size

23KB
Sample

230316-eqrlqagh24
MD5

bdc8185a8b270395984b7f63f1072107
SHA1

03ff66716e034bd799405fb630d3f334c62534cb
SHA256

502ccd94a1e7744941ab2bc6ee448107b17d026490cfdf7c02146045088efa18
SHA512

e019ccfe2e28c49307e7510c1f9c90b97ffe0313b1c9f18752188bcc5df1265220b28903ae4f68b7c425b8a71b47ac3d7a883722a56aca2c76044904bcb9ab68
SSDEEP

384:fcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZz2:E30py6vhxaRpcnuh

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

0.tcp.sa.ngrok.io:16664

Mutex

d8e3652b6fad72d1254b8eec8a92e129

Attributes

reg_key
d8e3652b6fad72d1254b8eec8a92e129
splitter
|'|'|

Targets

- Target
  
  bK53.exe
- Size
  
  23KB
- MD5
  
  bdc8185a8b270395984b7f63f1072107
- SHA1
  
  03ff66716e034bd799405fb630d3f334c62534cb
- SHA256
  
  502ccd94a1e7744941ab2bc6ee448107b17d026490cfdf7c02146045088efa18
- SHA512
  
  e019ccfe2e28c49307e7510c1f9c90b97ffe0313b1c9f18752188bcc5df1265220b28903ae4f68b7c425b8a71b47ac3d7a883722a56aca2c76044904bcb9ab68
- SSDEEP
  
  384:fcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZz2:E30py6vhxaRpcnuh
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan