njrat | 5ef1ff8185f56af614f482d00c32b2112483b0e7900b282fb28200dbe8b0cb87 | Triage

Sharing

General

Target

5ef1ff8185f56af614f482d00c32b2112483b0e7900b282fb28200dbe8b0cb87.exe
Size

23KB
Sample

240428-bvj6nadd3w
MD5

6a44a61f22c1f94581fe84ce077c8bc3
SHA1

0af9823081a8ac7dab63fdbc1c4360508f5ed074
SHA256

5ef1ff8185f56af614f482d00c32b2112483b0e7900b282fb28200dbe8b0cb87
SHA512

295777a065601060e88afdeda7316d2ae422d5e3d371f1fb9e5c9b3cd3d800536c9739104ddc9bd7185d3de3cc0131b28d8ae4fb403aae761b47460a277a5395
SSDEEP

384:mQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZARr:x5yBVd7Rpcnud

Score

10^/10

njrat mybot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

asero23.ddns.net:5552

Mutex

9128200b315d4a4c00056ef78bb90712

Attributes

reg_key
9128200b315d4a4c00056ef78bb90712
splitter
|'|'|

Targets

- Target
  
  5ef1ff8185f56af614f482d00c32b2112483b0e7900b282fb28200dbe8b0cb87.exe
- Size
  
  23KB
- MD5
  
  6a44a61f22c1f94581fe84ce077c8bc3
- SHA1
  
  0af9823081a8ac7dab63fdbc1c4360508f5ed074
- SHA256
  
  5ef1ff8185f56af614f482d00c32b2112483b0e7900b282fb28200dbe8b0cb87
- SHA512
  
  295777a065601060e88afdeda7316d2ae422d5e3d371f1fb9e5c9b3cd3d800536c9739104ddc9bd7185d3de3cc0131b28d8ae4fb403aae761b47460a277a5395
- SSDEEP
  
  384:mQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZARr:x5yBVd7Rpcnud
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan