njrat | 00b298eb0d75725955d9da09e33bb625bb7415bf550abd655082f69666aa6500 | Triage

Sharing

General

Target

00b298eb0d75725955d9da09e33bb625bb7415bf550abd655082f69666aa6500
Size

37KB
Sample

220520-fbnf7aadf9
MD5

accacc1c4c9a92e41809008b23681085
SHA1

2b657e8257647fe5243a1fd494196b4dd96b72eb
SHA256

00b298eb0d75725955d9da09e33bb625bb7415bf550abd655082f69666aa6500
SHA512

198544ccc224b03b0758f4eafc0fe3c4efc8ed59891b56ba81ada751723b58c7b2026022bf93e2509f564408b8e0855b14a904c3ad69fa12570b79eaf15f25ee

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

267632fbed75e86ba99f14a92cc1a8d8

Attributes

reg_key
267632fbed75e86ba99f14a92cc1a8d8
splitter
|'|'|

Targets

- Target
  
  00b298eb0d75725955d9da09e33bb625bb7415bf550abd655082f69666aa6500
- Size
  
  37KB
- MD5
  
  accacc1c4c9a92e41809008b23681085
- SHA1
  
  2b657e8257647fe5243a1fd494196b4dd96b72eb
- SHA256
  
  00b298eb0d75725955d9da09e33bb625bb7415bf550abd655082f69666aa6500
- SHA512
  
  198544ccc224b03b0758f4eafc0fe3c4efc8ed59891b56ba81ada751723b58c7b2026022bf93e2509f564408b8e0855b14a904c3ad69fa12570b79eaf15f25ee
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan