njrat | a9ded12f4c96b9c4db22702ffa75245fd631d05c90473f23b69ca29cd7ef1066 | Triage

Sharing

General

Target

013aa4e01d67b9b9de9942e2e905d870N
Size

71KB
Sample

240909-qdcgta1hpb
MD5

013aa4e01d67b9b9de9942e2e905d870
SHA1

ef7b47c049d1bce53172c8f9fc48ada8489686ea
SHA256

a9ded12f4c96b9c4db22702ffa75245fd631d05c90473f23b69ca29cd7ef1066
SHA512

7bd8aa4f240a2fd5e1f8d2e31a375ac15f01735c17c5238b3be9c058db0406f0b4b998f244492fde1544b7f6bcbb9faa0cc4cf77618bc4e3a795de7ccfa467f6
SSDEEP

1536:G7sMDnUNaYJGrWDKwsNMDQXExI3pmjm57U:nMDnRCOWDKwsNMDQXExI3pmU7

Score

10^/10

njrat victim discovery evasion execution trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

1.0.0.721:81

Mutex

9a0c0a5dbe82ac836b08924925c5d4b1

Attributes

reg_key
9a0c0a5dbe82ac836b08924925c5d4b1
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  013aa4e01d67b9b9de9942e2e905d870N
- Size
  
  71KB
- MD5
  
  013aa4e01d67b9b9de9942e2e905d870
- SHA1
  
  ef7b47c049d1bce53172c8f9fc48ada8489686ea
- SHA256
  
  a9ded12f4c96b9c4db22702ffa75245fd631d05c90473f23b69ca29cd7ef1066
- SHA512
  
  7bd8aa4f240a2fd5e1f8d2e31a375ac15f01735c17c5238b3be9c058db0406f0b4b998f244492fde1544b7f6bcbb9faa0cc4cf77618bc4e3a795de7ccfa467f6
- SSDEEP
  
  1536:G7sMDnUNaYJGrWDKwsNMDQXExI3pmjm57U:nMDnRCOWDKwsNMDQXExI3pmU7
Score

10^/10

njrat discovery evasion execution trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Stops running service(s)
  evasion execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

njratdiscoveryevasionexecutiontrojan

behavioral2

njratdiscoveryevasionexecutiontrojan