njrat | 62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d | Triage

Sharing

General

Target

62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d
Size

318KB
Sample

220520-e4b37aaaa7
MD5

01e518b7a490f6628109bd0194b6d474
SHA1

6dc1b684f56b4d6033ee340f32d384ae16e81855
SHA256

62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d
SHA512

c2a92f79a89d8fd344dafc554482a3f032cf88ec11f898dfa17661d176f332fa5e7bfba1601fd0c4b3903bb8599eab6b36da30b68c559b58f8c366aa66ba0a89

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

f03548618f97651db297b397d73ec8d9

Attributes

reg_key
f03548618f97651db297b397d73ec8d9
splitter
|'|'|

Targets

- Target
  
  62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d
- Size
  
  318KB
- MD5
  
  01e518b7a490f6628109bd0194b6d474
- SHA1
  
  6dc1b684f56b4d6033ee340f32d384ae16e81855
- SHA256
  
  62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d
- SHA512
  
  c2a92f79a89d8fd344dafc554482a3f032cf88ec11f898dfa17661d176f332fa5e7bfba1601fd0c4b3903bb8599eab6b36da30b68c559b58f8c366aa66ba0a89
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan