njrat | 64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69 | Triage

Sharing

General

Target

64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
Size

31KB
Sample

220520-2zjnssbcbm
MD5

dd372c9d6185770b04647c60b62e6b99
SHA1

6001109643c626a6eb97393f67447e5b7d36b862
SHA256

64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
SHA512

7feba5fa58928937296ebcfbd10744fa8aa722a2a9bb922fa821d44ad6a5d502030af86ac968a69d5a2daa9a613765f5768e3c4bce4f3bc5b44c220d767df624

Score

10^/10

njrat setup.exe evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Setup.exe

C2

91.189.181.22:9297

Mutex

11deb0888e327d6e5c6209f938480998

Attributes

reg_key
11deb0888e327d6e5c6209f938480998
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
- Size
  
  31KB
- MD5
  
  dd372c9d6185770b04647c60b62e6b99
- SHA1
  
  6001109643c626a6eb97393f67447e5b7d36b862
- SHA256
  
  64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
- SHA512
  
  7feba5fa58928937296ebcfbd10744fa8aa722a2a9bb922fa821d44ad6a5d502030af86ac968a69d5a2daa9a613765f5768e3c4bce4f3bc5b44c220d767df624
Score

10^/10

njrat setup.exe evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratsetup.exeevasionpersistencetrojan

behavioral2

njratsetup.exeevasionpersistencetrojan