njrat | 8cbd5f9b1be18429ebd9e3fd0fe7152682848ed00d359eea9fbdb77840b076af | Triage

Sharing

General

Target

ngrok.exe
Size

45.9MB
Sample

250122-sgxy2asrhn
MD5

108a2b2ace16b215f7bd1207be6b1498
SHA1

c98b8a1184c1195bced0b9f769943786052b303e
SHA256

8cbd5f9b1be18429ebd9e3fd0fe7152682848ed00d359eea9fbdb77840b076af
SHA512

c50443d25be2bd80f59545cb25577dcb3240d621bce511a063939baa084c1cef79f40a02414db90f4cc0efa7b751b808131c2b7014966b70a430f086d239985f
SSDEEP

393216:rYXEXR3uzMK0GWSFqlV3lYWmnHGm8mtGDfdJlU8Jq8tA9KxFxCfV:rYXEXhuzMmF26WmnHGrO1

Score

10^/10

njrat hacked defense_evasion discovery trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:14149

Mutex

a430c6a04cbb9e30925e7a0dad95dddc

Attributes

reg_key
a430c6a04cbb9e30925e7a0dad95dddc
splitter
|'|'|

Targets

- Target
  
  ngrok.exe
- Size
  
  45.9MB
- MD5
  
  108a2b2ace16b215f7bd1207be6b1498
- SHA1
  
  c98b8a1184c1195bced0b9f769943786052b303e
- SHA256
  
  8cbd5f9b1be18429ebd9e3fd0fe7152682848ed00d359eea9fbdb77840b076af
- SHA512
  
  c50443d25be2bd80f59545cb25577dcb3240d621bce511a063939baa084c1cef79f40a02414db90f4cc0efa7b751b808131c2b7014966b70a430f086d239985f
- SSDEEP
  
  393216:rYXEXR3uzMK0GWSFqlV3lYWmnHGm8mtGDfdJlU8Jq8tA9KxFxCfV:rYXEXhuzMmF26WmnHGrO1
Score

10^/10

njrat hacked defense_evasion discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoverytrojan

behavioral2