njrat | a77d89af9f2b35acf31f220c08293373fb7670ae463d114dd9aa0ba76d040d96 | Triage

Sharing

General

Target

11d49dd9407654efd37f016694461dfc.exe
Size

93KB
Sample

230815-3c6eqafg7s
MD5

11d49dd9407654efd37f016694461dfc
SHA1

55f385dde7de9eb303a6ad158a6150d1322da736
SHA256

a77d89af9f2b35acf31f220c08293373fb7670ae463d114dd9aa0ba76d040d96
SHA512

2c27613c62c759059c17758cc62cada5d08e5fc0382d3c4a64badb85c45301cdc4fe38f87da328e6b98adeb00980d0b503e790b0616ad514ffb5f9d324af58c9
SSDEEP

768:PY3IcRhpC0EoQspgnOmWNW6tsX2JADll2gSXxrjEtCdnl2pi1Rz4Rk3wsGdp/gS7:9cHpVEoKOmWM6sdl4jEwzGi1dDID/gS

Score

10^/10

njrat 2.tcp.eu.ngrok.io evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2.tcp.eu.ngrok.io

C2

hakim32.ddns.net:2000

2.tcp.eu.ngrok.io:15056

Mutex

23d4a67ca31c94fb2f7e69f8c176876d

Attributes

reg_key
23d4a67ca31c94fb2f7e69f8c176876d
splitter
|'|'|

Targets

- Target
  
  11d49dd9407654efd37f016694461dfc.exe
- Size
  
  93KB
- MD5
  
  11d49dd9407654efd37f016694461dfc
- SHA1
  
  55f385dde7de9eb303a6ad158a6150d1322da736
- SHA256
  
  a77d89af9f2b35acf31f220c08293373fb7670ae463d114dd9aa0ba76d040d96
- SHA512
  
  2c27613c62c759059c17758cc62cada5d08e5fc0382d3c4a64badb85c45301cdc4fe38f87da328e6b98adeb00980d0b503e790b0616ad514ffb5f9d324af58c9
- SSDEEP
  
  768:PY3IcRhpC0EoQspgnOmWNW6tsX2JADll2gSXxrjEtCdnl2pi1Rz4Rk3wsGdp/gS7:9cHpVEoKOmWM6sdl4jEwzGi1dDID/gS
Score

10^/10

njrat 2.tcp.eu.ngrok.io evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

2.tcp.eu.ngrok.ionjrat

behavioral1

njrat2.tcp.eu.ngrok.ioevasiontrojan

behavioral2

njrat2.tcp.eu.ngrok.ioevasiontrojan