njrat | e632779afa8a535c1c33326cd2ed3c21a2dd3d5978e83670b209bd42778fee4d | Triage

Sharing

General

Target

e632779afa8a535c1c33326cd2ed3c21a2dd3d5978e83670b209bd42778fee4d.exe
Size

31KB
Sample

240927-q63jpsxhla
MD5

1b50b5046d3afe4b4ea14f84942e2993
SHA1

c8e369ac663e76f1fd67d3e1c3e880ee0f00dc52
SHA256

e632779afa8a535c1c33326cd2ed3c21a2dd3d5978e83670b209bd42778fee4d
SHA512

503b8075fed09547f7e8b98cf52e48aa4049523e5b95daa81bd934a988d8a78274ad92c54d5dac336baaa1b2d9b615aca49ba9d2e5aa7bb0efdea7524e5245b4
SSDEEP

768:hrhO5b13hdwzxLy3os0O/dMRvCnQmIDUu0tig3j:FcZ6eh6gQVkXj

Score

10^/10

njrat mybot discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

1.243.157.185:6522

Mutex

972ed8a7b6cd2761ef033521af1629ed

Attributes

reg_key
972ed8a7b6cd2761ef033521af1629ed
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  e632779afa8a535c1c33326cd2ed3c21a2dd3d5978e83670b209bd42778fee4d.exe
- Size
  
  31KB
- MD5
  
  1b50b5046d3afe4b4ea14f84942e2993
- SHA1
  
  c8e369ac663e76f1fd67d3e1c3e880ee0f00dc52
- SHA256
  
  e632779afa8a535c1c33326cd2ed3c21a2dd3d5978e83670b209bd42778fee4d
- SHA512
  
  503b8075fed09547f7e8b98cf52e48aa4049523e5b95daa81bd934a988d8a78274ad92c54d5dac336baaa1b2d9b615aca49ba9d2e5aa7bb0efdea7524e5245b4
- SSDEEP
  
  768:hrhO5b13hdwzxLy3os0O/dMRvCnQmIDUu0tig3j:FcZ6eh6gQVkXj
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan