njrat | 142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841 | Triage

Sharing

General

Target

142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841
Size

37KB
Sample

220520-fam42aadb4
MD5

01e68b10abe9efeb75603ea26c75242f
SHA1

5d5b45d5a08801c03c2068f753ab4a41ddf71966
SHA256

142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841
SHA512

aa3fbbf3bc270ab13a087ebe954e082bfb55d9040980e2f5f8f505fbd9fec93000485cbef42dc0b62bd01207b5bae7a38e8bb0cf01285c0a57bae2dc6e863db3

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

z1cker.ddns.net:9219

Mutex

7dd52bc3c44b5e589ee15a6885becb3e

Attributes

reg_key
7dd52bc3c44b5e589ee15a6885becb3e
splitter
|'|'|

Targets

- Target
  
  142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841
- Size
  
  37KB
- MD5
  
  01e68b10abe9efeb75603ea26c75242f
- SHA1
  
  5d5b45d5a08801c03c2068f753ab4a41ddf71966
- SHA256
  
  142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841
- SHA512
  
  aa3fbbf3bc270ab13a087ebe954e082bfb55d9040980e2f5f8f505fbd9fec93000485cbef42dc0b62bd01207b5bae7a38e8bb0cf01285c0a57bae2dc6e863db3
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan