njrat | 3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6 | Triage

Submit
Reports

Overview

overview

Static

static

3f16985a58...e6.exe

windows7_x64

3f16985a58...e6.exe

windows10-2004_x64

Sharing

General

Target

3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6
Size

2.1MB
Sample

220310-3zk3asdbg4
MD5

c0d3b6f38e5253f59f2f15cdcf14edf0
SHA1

4442c0d76b86470ebd8d8cea91382107ff9ad96d
SHA256

3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6
SHA512

578d245a5e7444a741d946dd20b7e9506ac7436ed08132af7549d12f293b9e92d9c3c7174284c92a7a8802211799dc09847f3428c758da0632c471b3aa80e696

Score

10^/10

njrat hack evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6.exe

Resource

win7-20220223-en

njrat hack evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6.exe

Resource

win10v2004-en-20220113

njrat hack trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacK

C2

127.0.0.1:1234

Mutex

8a6179254fb2f1e73fe707c1a92f1876

Attributes

reg_key
8a6179254fb2f1e73fe707c1a92f1876
splitter
|'|'|

Targets

- Target
  
  3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6
- Size
  
  2.1MB
- MD5
  
  c0d3b6f38e5253f59f2f15cdcf14edf0
- SHA1
  
  4442c0d76b86470ebd8d8cea91382107ff9ad96d
- SHA256
  
  3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6
- SHA512
  
  578d245a5e7444a741d946dd20b7e9506ac7436ed08132af7549d12f293b9e92d9c3c7174284c92a7a8802211799dc09847f3428c758da0632c471b3aa80e696
Score

10^/10

njrat hack evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Nirsoft
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackevasionpersistencetrojan

behavioral2

njrathacktrojan

© 2018-2024

Terms | Privacy