njrat | c093b4cd2ad7f9eaf3dc918333d6df78753ff18f71b4ac722862a7d8cf44031a | Triage

Sharing

General

Target

17e8b8ca2511a8273d049a478d075fc2
Size

349KB
Sample

231224-212k1abca2
MD5

17e8b8ca2511a8273d049a478d075fc2
SHA1

3a473b8f7bbd4c878ffd9101482d164a6bbac60c
SHA256

c093b4cd2ad7f9eaf3dc918333d6df78753ff18f71b4ac722862a7d8cf44031a
SHA512

4094b0be82a62ac2d7ae08aeae432ba1a89ca9c40f7c5bfec19bbde529a8a0fdef56f19be63263936cab2dd429dbdd70df754d9ba35b45253597b99d15329429
SSDEEP

6144:jXXXXXXXXXXXXXXXXXfqJuiHivvWxzfHWojlNBXNU+Y07sxKCYsRCgPtZXzgAtxs:

Score

10^/10

njrat hack evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hack

C2

runtime.kro.kr:6522

Mutex

15ac00e92ea47b4f7ac4e4714b9affcb

Attributes

reg_key
15ac00e92ea47b4f7ac4e4714b9affcb
splitter
|'|'|

Targets

- Target
  
  17e8b8ca2511a8273d049a478d075fc2
- Size
  
  349KB
- MD5
  
  17e8b8ca2511a8273d049a478d075fc2
- SHA1
  
  3a473b8f7bbd4c878ffd9101482d164a6bbac60c
- SHA256
  
  c093b4cd2ad7f9eaf3dc918333d6df78753ff18f71b4ac722862a7d8cf44031a
- SHA512
  
  4094b0be82a62ac2d7ae08aeae432ba1a89ca9c40f7c5bfec19bbde529a8a0fdef56f19be63263936cab2dd429dbdd70df754d9ba35b45253597b99d15329429
- SSDEEP
  
  6144:jXXXXXXXXXXXXXXXXXfqJuiHivvWxzfHWojlNBXNU+Y07sxKCYsRCgPtZXzgAtxs:
Score

10^/10

njrat hack evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njrathackevasiontrojan

behavioral2

njrathackevasiontrojan