njrat | 55ab4a25ebc82efbfeaafd3ca704df8e5b1e14596fe1316f90169b7319a8eb13 | Triage

Sharing

General

Target

717185d0155273e35ef0c3e4209b7d22_JaffaCakes118
Size

23KB
Sample

240525-kr2e7sca4x
MD5

717185d0155273e35ef0c3e4209b7d22
SHA1

a8f366a2d23c645d9c375fa4a6b3a4a225017011
SHA256

55ab4a25ebc82efbfeaafd3ca704df8e5b1e14596fe1316f90169b7319a8eb13
SHA512

6985889f84719addf771cec7ce5d32d014da3793a23ba72859766ecbc2d5c97540dfe0c9000977cae0255e4cc48256b64ed8dab365b58c5e88f5b73332c15cc8
SSDEEP

384:BM8aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZD7:Z589tXvRpcnuY

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

youtubexlarg.ddns.net:1177

Mutex

ff7ceee5cac2d72ae5f91f7ee0db1afb

Attributes

reg_key
ff7ceee5cac2d72ae5f91f7ee0db1afb
splitter
|'|'|

Targets

- Target
  
  717185d0155273e35ef0c3e4209b7d22_JaffaCakes118
- Size
  
  23KB
- MD5
  
  717185d0155273e35ef0c3e4209b7d22
- SHA1
  
  a8f366a2d23c645d9c375fa4a6b3a4a225017011
- SHA256
  
  55ab4a25ebc82efbfeaafd3ca704df8e5b1e14596fe1316f90169b7319a8eb13
- SHA512
  
  6985889f84719addf771cec7ce5d32d014da3793a23ba72859766ecbc2d5c97540dfe0c9000977cae0255e4cc48256b64ed8dab365b58c5e88f5b73332c15cc8
- SSDEEP
  
  384:BM8aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZD7:Z589tXvRpcnuY
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan