njrat | 8f5f1f7e22a920eda275f0983d379985ba6b921112308daf60b15b1d0cb04404 | Triage

Sharing

General

Target

8f5f1f7e22a920eda275f0983d379985ba6b921112308daf60b15b1d0cb04404
Size

31KB
Sample

220520-2pzbhaagfk
MD5

9e41cd107fb4c1b437246ef8b5fe64ec
SHA1

b5132e4c08c5c038b732a438862eb9c00f437f34
SHA256

8f5f1f7e22a920eda275f0983d379985ba6b921112308daf60b15b1d0cb04404
SHA512

cbb7066396db083179d8adfa668ba49882b8d6272dd6deb5f6b73b30e873b9083bdd2535a76a66edfdc36161526e48ff5e95afd0eb1980db0512c1165fc2748c

Score

10^/10

njrat mybot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

192.168.157.1:80

Mutex

a5f0657b4c860308399dc7b1f71c2ea3

Attributes

reg_key
a5f0657b4c860308399dc7b1f71c2ea3
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  8f5f1f7e22a920eda275f0983d379985ba6b921112308daf60b15b1d0cb04404
- Size
  
  31KB
- MD5
  
  9e41cd107fb4c1b437246ef8b5fe64ec
- SHA1
  
  b5132e4c08c5c038b732a438862eb9c00f437f34
- SHA256
  
  8f5f1f7e22a920eda275f0983d379985ba6b921112308daf60b15b1d0cb04404
- SHA512
  
  cbb7066396db083179d8adfa668ba49882b8d6272dd6deb5f6b73b30e873b9083bdd2535a76a66edfdc36161526e48ff5e95afd0eb1980db0512c1165fc2748c
Score

10^/10

njrat mybot evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratmybotevasiontrojan

behavioral2

njratmybotevasiontrojan