njrat | b6634d60c4f33e8ff40efbbbddd098cc420fe12822c633752260e3b0e6d11307 | Triage

Sharing

General

Target

03CFE21475FF1E4B334AD89DED81AE54.exe
Size

23KB
Sample

231217-wzxb1afcaq
MD5

03cfe21475ff1e4b334ad89ded81ae54
SHA1

885cd1d6782f12eba1a8b02ba5e380b43d724ac8
SHA256

b6634d60c4f33e8ff40efbbbddd098cc420fe12822c633752260e3b0e6d11307
SHA512

28361958762f5951c405f664e6891eca9fe735b791702db93599fbf34b50885d95dd8938784423ec4ccb50648a4f8350106b51d8082d43e65fa5371bf3bd9f56
SSDEEP

384:IcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZLp:330py6vhxaRpcnuG

Score

10^/10

njrat lammer evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

0.tcp.sa.ngrok.io:12537

Mutex

e71381ce4c6ac23e031048fb1464e9da

Attributes

reg_key
e71381ce4c6ac23e031048fb1464e9da
splitter
|'|'|

Targets

- Target
  
  03CFE21475FF1E4B334AD89DED81AE54.exe
- Size
  
  23KB
- MD5
  
  03cfe21475ff1e4b334ad89ded81ae54
- SHA1
  
  885cd1d6782f12eba1a8b02ba5e380b43d724ac8
- SHA256
  
  b6634d60c4f33e8ff40efbbbddd098cc420fe12822c633752260e3b0e6d11307
- SHA512
  
  28361958762f5951c405f664e6891eca9fe735b791702db93599fbf34b50885d95dd8938784423ec4ccb50648a4f8350106b51d8082d43e65fa5371bf3bd9f56
- SSDEEP
  
  384:IcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZLp:330py6vhxaRpcnuG
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan