njrat | 4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3 | Triage

Sharing

General

Target

4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3
Size

23KB
Sample

220520-fpar9abac5
MD5

ca81d2d0a301e1be87468d1d01bf0d82
SHA1

aa5ce41cc6f0f38ebdca1fc594be7ac2f5e0a9ef
SHA256

4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3
SHA512

f1c662e432b334988b1cd9508f0059898ff5e48ad418478e6eceb540c1c59733f0299e0c00f0f79f4e15bda42fa12291d4140f83f0b8d1c6481c8d8b690b1231

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

xloil1320.myftp.biz:1177

Mutex

0e61fb5748277b13987b2a3f92ca758c

Attributes

reg_key
0e61fb5748277b13987b2a3f92ca758c
splitter
|'|'|

Targets

- Target
  
  4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3
- Size
  
  23KB
- MD5
  
  ca81d2d0a301e1be87468d1d01bf0d82
- SHA1
  
  aa5ce41cc6f0f38ebdca1fc594be7ac2f5e0a9ef
- SHA256
  
  4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3
- SHA512
  
  f1c662e432b334988b1cd9508f0059898ff5e48ad418478e6eceb540c1c59733f0299e0c00f0f79f4e15bda42fa12291d4140f83f0b8d1c6481c8d8b690b1231
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan