njrat | dac45e2cb36561bb596a193bcecda204897edc877d3b53d7f90afe00de985e35 | Triage

Sharing

General

Target

dac45e2cb36561bb596a193bcecda204897edc877d3b53d7f90afe00de985e35
Size

37KB
Sample

220520-3sg23accgl
MD5

d188c64010292c6bc14b39300ea1b02c
SHA1

9e528a712b392f06702474754b69dbc5464aa67a
SHA256

dac45e2cb36561bb596a193bcecda204897edc877d3b53d7f90afe00de985e35
SHA512

a080a35a1013e36c8606d8b9c4536bb7a4ba302999abfd36f05f3f42c97caaa8a2dbb9533ca91521255905c1fd8fbabfb2772299d3f43deefb082969030d453e

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

5a545701cd814ea07365ecbf66477e27

Attributes

reg_key
5a545701cd814ea07365ecbf66477e27
splitter
|'|'|

Targets

- Target
  
  dac45e2cb36561bb596a193bcecda204897edc877d3b53d7f90afe00de985e35
- Size
  
  37KB
- MD5
  
  d188c64010292c6bc14b39300ea1b02c
- SHA1
  
  9e528a712b392f06702474754b69dbc5464aa67a
- SHA256
  
  dac45e2cb36561bb596a193bcecda204897edc877d3b53d7f90afe00de985e35
- SHA512
  
  a080a35a1013e36c8606d8b9c4536bb7a4ba302999abfd36f05f3f42c97caaa8a2dbb9533ca91521255905c1fd8fbabfb2772299d3f43deefb082969030d453e
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedtrojan