njrat | 60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549 | Triage

Sharing

General

Target

60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549
Size

113KB
Sample

220511-czleysgdbr
MD5

804ab4cb9903d259120e591ac565e5c0
SHA1

11955010086627d54c94c1172455c71417f0a31d
SHA256

60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549
SHA512

180b4eaf31a94ab689e5c4214f521f88e3fa7c6ca273e2e3ae86f65fa9140d743e8a2a996c441d06df39731b2235d73e59c34dc0cd195214475911f1f73ab528

Score

10^/10

njrat hack trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

hack

C2

thec0de-22249.portmap.io:22249

Mutex

ac92d1ea6bee0411dba544616f4313da

Attributes

reg_key
ac92d1ea6bee0411dba544616f4313da
splitter
|'|'|

Targets

- Target
  
  60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549
- Size
  
  113KB
- MD5
  
  804ab4cb9903d259120e591ac565e5c0
- SHA1
  
  11955010086627d54c94c1172455c71417f0a31d
- SHA256
  
  60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549
- SHA512
  
  180b4eaf31a94ab689e5c4214f521f88e3fa7c6ca273e2e3ae86f65fa9140d743e8a2a996c441d06df39731b2235d73e59c34dc0cd195214475911f1f73ab528
Score

10^/10

njrat hack trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacktrojan

behavioral2

njrathacktrojan