njrat | 579180777a9a584fd9f6b08057c25e23c96f4f50a9107e754eba93b8cf51d5c4 | Triage

Sharing

General

Target

c861f276d60588950214242b3ab35a17
Size

284KB
Sample

240314-me42nshe6s
MD5

c861f276d60588950214242b3ab35a17
SHA1

8148b00e4b99980235e9148c572165ae6e0ae113
SHA256

579180777a9a584fd9f6b08057c25e23c96f4f50a9107e754eba93b8cf51d5c4
SHA512

0bd0bff3de3c68053ed1a57bd4a52fca6497d193ae686cffccda823260ac079a6e202a3410edc6ce23c66ba0e14d574bbf3be2bef6f5301dfefdac559e96a638
SSDEEP

3072:w5rSi9mLPT63Q77NhQGMHphGw+EIsxw8baRYX2NCancRu7AlSfZEPCNHLI84MKf:UrSi9cPCQ7JTMJvjPMKf

Score

10^/10

njrat test evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

test

C2

anis54.ddns.net:2222

Mutex

65e94396eb62c806a96eab34be011195

Attributes

reg_key
65e94396eb62c806a96eab34be011195
splitter
|'|'|

Targets

- Target
  
  c861f276d60588950214242b3ab35a17
- Size
  
  284KB
- MD5
  
  c861f276d60588950214242b3ab35a17
- SHA1
  
  8148b00e4b99980235e9148c572165ae6e0ae113
- SHA256
  
  579180777a9a584fd9f6b08057c25e23c96f4f50a9107e754eba93b8cf51d5c4
- SHA512
  
  0bd0bff3de3c68053ed1a57bd4a52fca6497d193ae686cffccda823260ac079a6e202a3410edc6ce23c66ba0e14d574bbf3be2bef6f5301dfefdac559e96a638
- SSDEEP
  
  3072:w5rSi9mLPT63Q77NhQGMHphGw+EIsxw8baRYX2NCancRu7AlSfZEPCNHLI84MKf:UrSi9cPCQ7JTMJvjPMKf
Score

10^/10

njrat test evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

njrattestevasiontrojan