njrat | e162f5bb33843a8872968483555c053718bb9654c0641ccd393f4ddd08391e17 | Triage

Sharing

General

Target

243e61e9274fdd1d62c9c2cefc5d0c57.bin
Size

23KB
Sample

230731-blfrwaca56
MD5

243e61e9274fdd1d62c9c2cefc5d0c57
SHA1

8a915a682debbf969ed7917b5d26dd31e21786e8
SHA256

e162f5bb33843a8872968483555c053718bb9654c0641ccd393f4ddd08391e17
SHA512

813d2568d465822d90352651e91e91d1dcdfd2e5c47e4b851d9500ac819602f80602c8b4bfc149b741b684b833c908cf41dd91827e13f2cbb852c0b175c4605e
SSDEEP

384:MsqS+ER6vRKXGYKRWVSujUtX9w6Vglo61Z5DVmRvR6JZlbw8hqIusZzZU8:Tf65K2Yf1jMRpcnuO

Score

10^/10

njrat lammer evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

0.tcp.sa.ngrok.io:11529

Mutex

1703ba9cf7c907ac1a273b4cbdb493ba

Attributes

reg_key
1703ba9cf7c907ac1a273b4cbdb493ba
splitter
|'|'|

Targets

- Target
  
  243e61e9274fdd1d62c9c2cefc5d0c57.bin
- Size
  
  23KB
- MD5
  
  243e61e9274fdd1d62c9c2cefc5d0c57
- SHA1
  
  8a915a682debbf969ed7917b5d26dd31e21786e8
- SHA256
  
  e162f5bb33843a8872968483555c053718bb9654c0641ccd393f4ddd08391e17
- SHA512
  
  813d2568d465822d90352651e91e91d1dcdfd2e5c47e4b851d9500ac819602f80602c8b4bfc149b741b684b833c908cf41dd91827e13f2cbb852c0b175c4605e
- SSDEEP
  
  384:MsqS+ER6vRKXGYKRWVSujUtX9w6Vglo61Z5DVmRvR6JZlbw8hqIusZzZU8:Tf65K2Yf1jMRpcnuO
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan