njrat | fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168 | Triage

Sharing

General

Target

fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168
Size

31KB
Sample

220520-es2jpshdb8
MD5

f2599c8241785a47e4a5e54628e15ee2
SHA1

6126a67caf537bc201f5e8d56ca83d1d6f094e9a
SHA256

fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168
SHA512

e9b84b27669d85de7e9410a02f726024efd24cdad1c8d5840c03f433a97c70b20d1bf4bb3888caea3e82461214f5fb756a7ba9fdb634658b795d11494c872e1a

Score

10^/10

njrat install evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

install

C2

2.132.107.223:6522

Mutex

bd5be1175c6ff120fdbcfd0476b2cd35

Attributes

reg_key
bd5be1175c6ff120fdbcfd0476b2cd35
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168
- Size
  
  31KB
- MD5
  
  f2599c8241785a47e4a5e54628e15ee2
- SHA1
  
  6126a67caf537bc201f5e8d56ca83d1d6f094e9a
- SHA256
  
  fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168
- SHA512
  
  e9b84b27669d85de7e9410a02f726024efd24cdad1c8d5840c03f433a97c70b20d1bf4bb3888caea3e82461214f5fb756a7ba9fdb634658b795d11494c872e1a
Score

10^/10

njrat install evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratinstallevasiontrojan

behavioral2

njratinstallevasiontrojan