njrat | fd7f387b6382cd996d317b968f997bad9b1fbc2db711585cf2a73aed058888a7 | Triage

Sharing

General

Target

315d1a63a2bc29a5d445037c20130c0b.bin
Size

31KB
Sample

231127-bwanlsde4x
MD5

315d1a63a2bc29a5d445037c20130c0b
SHA1

76d698bc110d2fdc70a0184d41a8cb469b0be876
SHA256

fd7f387b6382cd996d317b968f997bad9b1fbc2db711585cf2a73aed058888a7
SHA512

4b86d30ed839ea7a14a91cb4d810c7ec86366f9ce3b3f6539831254b8746916d153617d70a5dbee98c7fcbdae14aaccac68b38a05a9d96b9318c098fab90cb19
SSDEEP

768:vGMv+ZW1nRNAzx7SnI1OfoFLhvi0QmIDUu0tifmj:eMS2a9RLQVkzj

Score

10^/10

njrat mybot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

zobhumide.duckdns.org:1608

Mutex

74d2645fe1e6ef320767741b6f659a39

Attributes

reg_key
74d2645fe1e6ef320767741b6f659a39
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  315d1a63a2bc29a5d445037c20130c0b.bin
- Size
  
  31KB
- MD5
  
  315d1a63a2bc29a5d445037c20130c0b
- SHA1
  
  76d698bc110d2fdc70a0184d41a8cb469b0be876
- SHA256
  
  fd7f387b6382cd996d317b968f997bad9b1fbc2db711585cf2a73aed058888a7
- SHA512
  
  4b86d30ed839ea7a14a91cb4d810c7ec86366f9ce3b3f6539831254b8746916d153617d70a5dbee98c7fcbdae14aaccac68b38a05a9d96b9318c098fab90cb19
- SSDEEP
  
  768:vGMv+ZW1nRNAzx7SnI1OfoFLhvi0QmIDUu0tifmj:eMS2a9RLQVkzj
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan