njrat | c7acd87f5b38a5e6d6ba52955d47e004a9492f14b1f7b07fded8aaff6deac8ba | Triage

Sharing

General

Target

c7acd87f5b38a5e6d6ba52955d47e004a9492f14b1f7b07fded8aaff6deac8ba
Size

37KB
Sample

220520-3erpcabfhn
MD5

91dfd564f2e872a5c9160c223c0bf9ed
SHA1

b4830749827a09131fc6ff32aa0e6ab34dbc4512
SHA256

c7acd87f5b38a5e6d6ba52955d47e004a9492f14b1f7b07fded8aaff6deac8ba
SHA512

c18eb99721a3800aae9b6daaf84c55e3fb4b889d412a04a389799616e219cbd94e4a5c54e309632ea630b6c829f7f2d1ca8be09d7318e8914a610e777d887a28

Score

10^/10

njrat sql server evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

SQL server

C2

iferuss.ddns.net:5454

Mutex

13f4da54eb6bdd00f81e5dd87548c94f

Attributes

reg_key
13f4da54eb6bdd00f81e5dd87548c94f
splitter
|'|'|

Targets

- Target
  
  c7acd87f5b38a5e6d6ba52955d47e004a9492f14b1f7b07fded8aaff6deac8ba
- Size
  
  37KB
- MD5
  
  91dfd564f2e872a5c9160c223c0bf9ed
- SHA1
  
  b4830749827a09131fc6ff32aa0e6ab34dbc4512
- SHA256
  
  c7acd87f5b38a5e6d6ba52955d47e004a9492f14b1f7b07fded8aaff6deac8ba
- SHA512
  
  c18eb99721a3800aae9b6daaf84c55e3fb4b889d412a04a389799616e219cbd94e4a5c54e309632ea630b6c829f7f2d1ca8be09d7318e8914a610e777d887a28
Score

10^/10

njrat sql server evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

sql servernjrat

behavioral1

njratsql serverevasiontrojan

behavioral2

njratsql serverevasiontrojan