njrat | cdc771adbd55add756c3fd400ae846c8b8d378c68feac22e0bcc96dc480a6dc4 | Triage

Sharing

General

Target

4574bd93391feb09a4f2fb7feaa0f29d.exe
Size

33KB
Sample

240106-l5bx5sdbhl
MD5

4574bd93391feb09a4f2fb7feaa0f29d
SHA1

8bf4ce7c275d6efb9470f617189d2945f9039935
SHA256

cdc771adbd55add756c3fd400ae846c8b8d378c68feac22e0bcc96dc480a6dc4
SHA512

f346a22c4b6b9dc3199300b591b40cfc54555b849e90fa38d3001c4a7f4d6ca3b139348b60409903ec3bd7fd9742a3e2ddba510485e4d68d7f5be43a029fadfa
SSDEEP

768:VvTgsrbTI3IOTT95Hrg1XVbXBAQ/nvF8Nul2y:tJbaM7BHnmulZ

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

rxlwee.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Targets

- Target
  
  4574bd93391feb09a4f2fb7feaa0f29d.exe
- Size
  
  33KB
- MD5
  
  4574bd93391feb09a4f2fb7feaa0f29d
- SHA1
  
  8bf4ce7c275d6efb9470f617189d2945f9039935
- SHA256
  
  cdc771adbd55add756c3fd400ae846c8b8d378c68feac22e0bcc96dc480a6dc4
- SHA512
  
  f346a22c4b6b9dc3199300b591b40cfc54555b849e90fa38d3001c4a7f4d6ca3b139348b60409903ec3bd7fd9742a3e2ddba510485e4d68d7f5be43a029fadfa
- SSDEEP
  
  768:VvTgsrbTI3IOTT95Hrg1XVbXBAQ/nvF8Nul2y:tJbaM7BHnmulZ
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njrathacked evasiontrojan

behavioral2

njrathacked evasiontrojan