njrat | ad95184709a116bede1f005bd1741209034f5ba47c5e0401347cd680ce8eff8a | Triage

Sharing

General

Target

7efa05b8e05246e7ada931c405e7c3c7.exe
Size

345KB
Sample

231209-jmgdssghd5
MD5

7efa05b8e05246e7ada931c405e7c3c7
SHA1

d0890b4c04f06bae4324a41df906dc5952e02d74
SHA256

ad95184709a116bede1f005bd1741209034f5ba47c5e0401347cd680ce8eff8a
SHA512

393fd604751a4ece38747c9bf547940e38800fa1954127674a483ebedcb4313fff17aa64c8fe3a2d3c388d61ed3f7de574b8180117d54de29b862aaec768fde7
SSDEEP

6144:bSTz3MaMNhXbyuWt2EHOO+7qeA5fphPFrKz1K5aPMBsN9Ci7xTjnTkSp:eTy7A6IzibR

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

wfe.ddns.net:9988

Mutex

7b3c4306674567a731eb163e6c0b9141

Attributes

reg_key
7b3c4306674567a731eb163e6c0b9141
splitter
|'|'|

Targets

- Target
  
  7efa05b8e05246e7ada931c405e7c3c7.exe
- Size
  
  345KB
- MD5
  
  7efa05b8e05246e7ada931c405e7c3c7
- SHA1
  
  d0890b4c04f06bae4324a41df906dc5952e02d74
- SHA256
  
  ad95184709a116bede1f005bd1741209034f5ba47c5e0401347cd680ce8eff8a
- SHA512
  
  393fd604751a4ece38747c9bf547940e38800fa1954127674a483ebedcb4313fff17aa64c8fe3a2d3c388d61ed3f7de574b8180117d54de29b862aaec768fde7
- SSDEEP
  
  6144:bSTz3MaMNhXbyuWt2EHOO+7qeA5fphPFrKz1K5aPMBsN9Ci7xTjnTkSp:eTy7A6IzibR
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan