njrat | 4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3 | Triage

Sharing

General

Target

4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3
Size

58KB
Sample

241123-x5ybxsskfx
MD5

d851457375df95ee26ca13524e5bbbfb
SHA1

8243d96f85b5290c864ea8b29638d3d4baca4a86
SHA256

4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3
SHA512

0ec419e362d8f6f5c9819faa572fc15c24d94a166a3032348ff544cfbd250128bf03fc1fe37764642a3dd1d793ce12331ec193dbd737b1617697c7dd82eae7e9
SSDEEP

1536:y2q3pLscBG2HwE+xSC3RUIHpZMXpB9O+nk:QVDg4wt33H7ypfO+nk

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:7771

Mutex

4c7a09e2b9a3f7aed80289c245122ae5

Attributes

reg_key
4c7a09e2b9a3f7aed80289c245122ae5
splitter
|'|'|

Targets

- Target
  
  4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3
- Size
  
  58KB
- MD5
  
  d851457375df95ee26ca13524e5bbbfb
- SHA1
  
  8243d96f85b5290c864ea8b29638d3d4baca4a86
- SHA256
  
  4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3
- SHA512
  
  0ec419e362d8f6f5c9819faa572fc15c24d94a166a3032348ff544cfbd250128bf03fc1fe37764642a3dd1d793ce12331ec193dbd737b1617697c7dd82eae7e9
- SSDEEP
  
  1536:y2q3pLscBG2HwE+xSC3RUIHpZMXpB9O+nk:QVDg4wt33H7ypfO+nk
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2

njrathackeddiscoverytrojan