njrat | 7b98971fec556ad5d6e994853395525da068c2f3e1cfd92b6388c37934e14533 | Triage

Sharing

General

Target

bRce.exe
Size

23KB
Sample

231031-ep773sae26
MD5

37bbdd80623474e7b479915629b4346e
SHA1

a6ce0e8167530a7fdd57243a1fa551364e0e1943
SHA256

7b98971fec556ad5d6e994853395525da068c2f3e1cfd92b6388c37934e14533
SHA512

498160664478a1d134ee0ef1574ae1367c222f435bbf631566234ff5ed96b95fef1b7d9ce599e7c4ffc733fd2fd89e7ec971879e2beac51b51c0eb41b0a6bd9c
SSDEEP

384:GcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZRsYC:J30py6vhxaRpcnu0hC

Score

10^/10

njrat lammer evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

181.217.95.27:1024

Mutex

745fb02f1b6366ca13f958bd219cc7b3

Attributes

reg_key
745fb02f1b6366ca13f958bd219cc7b3
splitter
|'|'|

Targets

- Target
  
  bRce.exe
- Size
  
  23KB
- MD5
  
  37bbdd80623474e7b479915629b4346e
- SHA1
  
  a6ce0e8167530a7fdd57243a1fa551364e0e1943
- SHA256
  
  7b98971fec556ad5d6e994853395525da068c2f3e1cfd92b6388c37934e14533
- SHA512
  
  498160664478a1d134ee0ef1574ae1367c222f435bbf631566234ff5ed96b95fef1b7d9ce599e7c4ffc733fd2fd89e7ec971879e2beac51b51c0eb41b0a6bd9c
- SSDEEP
  
  384:GcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZRsYC:J30py6vhxaRpcnu0hC
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan