njrat | 911197fc5a71d61534e341e8d20a8f0bd4dc4d3ec253d327a3ae8e6375bb13a6 | Triage

Sharing

General

Target

911197fc5a71d61534e341e8d20a8f0bd4dc4d3ec253d327a3ae8e6375bb13a6
Size

157KB
Sample

220520-3zewaahge2
MD5

182e2cce08ee92c62f64752aaa23c369
SHA1

e47112a7f7ce5c3105249f043bb809daf490b7d8
SHA256

911197fc5a71d61534e341e8d20a8f0bd4dc4d3ec253d327a3ae8e6375bb13a6
SHA512

b66d06c7862641351c12b2c91cca3be32b1a8d35e9525e1447b14385b8dc81129f93b10b58ba6058de88818bc9209a6d54be24b4b8a0dda7cf9b53b0b19e4f6a

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  911197fc5a71d61534e341e8d20a8f0bd4dc4d3ec253d327a3ae8e6375bb13a6
- Size
  
  157KB
- MD5
  
  182e2cce08ee92c62f64752aaa23c369
- SHA1
  
  e47112a7f7ce5c3105249f043bb809daf490b7d8
- SHA256
  
  911197fc5a71d61534e341e8d20a8f0bd4dc4d3ec253d327a3ae8e6375bb13a6
- SHA512
  
  b66d06c7862641351c12b2c91cca3be32b1a8d35e9525e1447b14385b8dc81129f93b10b58ba6058de88818bc9209a6d54be24b4b8a0dda7cf9b53b0b19e4f6a
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan