njrat | 1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0 | Triage

Sharing

General

Target

1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0
Size

37KB
Sample

220520-w39fqsbhh4
MD5

8a3c07e101a69711eee5c4f21c4a5199
SHA1

86c4438cb25b6bc2e7f4b3865f809bddcd7ea096
SHA256

1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0
SHA512

8b582230e9a67397fd3f36fd1b9c91331852332b27807696faf809163b6474384a6aa6c3599c96d7b6d25ee917fea962f6af8a334045103c4687f9302b8ed62e

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

192.168.0.12:5552

Mutex

536ec81ea4d08ca810ee637d596cf35e

Attributes

reg_key
536ec81ea4d08ca810ee637d596cf35e
splitter
|'|'|

Targets

- Target
  
  1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0
- Size
  
  37KB
- MD5
  
  8a3c07e101a69711eee5c4f21c4a5199
- SHA1
  
  86c4438cb25b6bc2e7f4b3865f809bddcd7ea096
- SHA256
  
  1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0
- SHA512
  
  8b582230e9a67397fd3f36fd1b9c91331852332b27807696faf809163b6474384a6aa6c3599c96d7b6d25ee917fea962f6af8a334045103c4687f9302b8ed62e
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan