njrat | 7a78f5f7471015b05f36a45b9d53d05224e8b4796240c709c3a7067bd44bc543 | Triage

Sharing

General

Target

23ac69eb0388a0fc0828c9e41b769201.exe
Size

23KB
Sample

230711-jspblafc96
MD5

23ac69eb0388a0fc0828c9e41b769201
SHA1

f61ed517f92b306df0ff2f185c0ab097c5dbf46d
SHA256

7a78f5f7471015b05f36a45b9d53d05224e8b4796240c709c3a7067bd44bc543
SHA512

84925b643e6613cf698d78d68235d3469969a6f3d4d1f640aa80926de2ce38d42e211bb2efa651d6528050ced0d96fd3d07bba433a057eaac8aa1d4be44d8e90
SSDEEP

384:9dMK6b2GZsx/Yr1+liORH1kciFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZkz:9+b9glF51MRpcnul

Score

10^/10

njrat flex evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Flex

C2

0.tcp.sa.ngrok.io:17200

Mutex

b32bd74f2549d11fe61eb231dbe9f728

Attributes

reg_key
b32bd74f2549d11fe61eb231dbe9f728
splitter
|'|'|

Targets

- Target
  
  23ac69eb0388a0fc0828c9e41b769201.exe
- Size
  
  23KB
- MD5
  
  23ac69eb0388a0fc0828c9e41b769201
- SHA1
  
  f61ed517f92b306df0ff2f185c0ab097c5dbf46d
- SHA256
  
  7a78f5f7471015b05f36a45b9d53d05224e8b4796240c709c3a7067bd44bc543
- SHA512
  
  84925b643e6613cf698d78d68235d3469969a6f3d4d1f640aa80926de2ce38d42e211bb2efa651d6528050ced0d96fd3d07bba433a057eaac8aa1d4be44d8e90
- SSDEEP
  
  384:9dMK6b2GZsx/Yr1+liORH1kciFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZkz:9+b9glF51MRpcnul
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan