njrat | c21e2b22c173da1dc5886e436fc79aa8b7378d32a4575feb828d91002875d441 | Triage

Sharing

General

Target

x4zhwTM1H3sR.exe
Size

23KB
Sample

230926-1z3k8sfc75
MD5

84c28541e9f2bdd1d7b5d3858c319972
SHA1

e5c20d707d6bfa47e312cde5d5e0917713efe56f
SHA256

c21e2b22c173da1dc5886e436fc79aa8b7378d32a4575feb828d91002875d441
SHA512

5c3ad1c8e299f0283fdbf2deb20d0d3d0d57836f3fe558bd553fd058782c6268d8719931c36629826f2b07d392184e2e787cb9296fb18575b01725fdd89ef0bf
SSDEEP

384:DnsqCm6yocx/Yp7jemiO0nd08/VQ6bgNQC5h7tmRvR6JZlbw8hqIusZzZqz:D8SoQA6mlcrRpcnub

Score

10^/10

njrat lammer evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

microsoft-virtualpc.duckdns.org:1177

Mutex

a22f01d30c37339e652f2f834002ccfc

Attributes

reg_key
a22f01d30c37339e652f2f834002ccfc
splitter
|'|'|

Targets

- Target
  
  x4zhwTM1H3sR.exe
- Size
  
  23KB
- MD5
  
  84c28541e9f2bdd1d7b5d3858c319972
- SHA1
  
  e5c20d707d6bfa47e312cde5d5e0917713efe56f
- SHA256
  
  c21e2b22c173da1dc5886e436fc79aa8b7378d32a4575feb828d91002875d441
- SHA512
  
  5c3ad1c8e299f0283fdbf2deb20d0d3d0d57836f3fe558bd553fd058782c6268d8719931c36629826f2b07d392184e2e787cb9296fb18575b01725fdd89ef0bf
- SSDEEP
  
  384:DnsqCm6yocx/Yp7jemiO0nd08/VQ6bgNQC5h7tmRvR6JZlbw8hqIusZzZqz:D8SoQA6mlcrRpcnub
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan