njrat | a06046a24ca7e4c19c7244ab46232840319850042a5b72a4a3c1dbaf6db1e288 | Triage

Sharing

General

Target

therealcat.jpg
Size

14KB
Sample

230802-2p1vbsab79
MD5

89efb21ca072c42620e2913758af6307
SHA1

55d25c7cf3450e04408a4586a92fd811fff6aa72
SHA256

a06046a24ca7e4c19c7244ab46232840319850042a5b72a4a3c1dbaf6db1e288
SHA512

2a5e87d00184dd171aa085b00f989a699d86c73a58532ebd31d87925355b76d0456895dc8166351610886975c6e820649e50ad9118b5283ce4aa5ba86c5a783a
SSDEEP

384:9wDiJ82hnVno5jff+VPwXT1RyjQdQMh+bD8H:C682ht+eVP41RyjQiMiW

Score

10^/10

njrat mybot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

10.127.0.138:6522

10.127.0.11:6522

Mutex

b62ee66a811795b55d5ca9c329503dfb

Attributes

reg_key
b62ee66a811795b55d5ca9c329503dfb
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  therealcat.jpg
- Size
  
  14KB
- MD5
  
  89efb21ca072c42620e2913758af6307
- SHA1
  
  55d25c7cf3450e04408a4586a92fd811fff6aa72
- SHA256
  
  a06046a24ca7e4c19c7244ab46232840319850042a5b72a4a3c1dbaf6db1e288
- SHA512
  
  2a5e87d00184dd171aa085b00f989a699d86c73a58532ebd31d87925355b76d0456895dc8166351610886975c6e820649e50ad9118b5283ce4aa5ba86c5a783a
- SSDEEP
  
  384:9wDiJ82hnVno5jff+VPwXT1RyjQdQMh+bD8H:C682ht+eVP41RyjQiMiW
Score

10^/10

njrat mybot evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

njratmybotevasiontrojan