njrat | ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd | Triage

Sharing

General

Target

ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd
Size

37KB
Sample

220520-1avjbsgham
MD5

aea0c83fee15dc36f461043f28d613eb
SHA1

9b4abebcfadbfb43776e7b62f2c255bb1c3b87e2
SHA256

ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd
SHA512

550cc1f49fdf75f810b424f62225704a67c6acc381e9641cdb6becc058df32aea4ecb36bffa498334167e735bcc9e3ac894e2580e8cde375fb035ce7388f400f

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

61636496e2350661a609e72e29ad1491

Attributes

reg_key
61636496e2350661a609e72e29ad1491
splitter
|'|'|

Targets

- Target
  
  ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd
- Size
  
  37KB
- MD5
  
  aea0c83fee15dc36f461043f28d613eb
- SHA1
  
  9b4abebcfadbfb43776e7b62f2c255bb1c3b87e2
- SHA256
  
  ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd
- SHA512
  
  550cc1f49fdf75f810b424f62225704a67c6acc381e9641cdb6becc058df32aea4ecb36bffa498334167e735bcc9e3ac894e2580e8cde375fb035ce7388f400f
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan