njrat | ab4302fad26dea179980d3b1d2ec64870df2d2af69052306ac0e55ae08633515 | Triage

Sharing

General

Target

ab4302fad26dea179980d3b1d2ec64870df2d2af69052306ac0e55ae08633515
Size

23KB
Sample

220520-wq2v5aeedl
MD5

831e1d0876a3645a8bb31786597cad58
SHA1

41d1869c8086c34b41198a02bfc1f075fe6511ff
SHA256

ab4302fad26dea179980d3b1d2ec64870df2d2af69052306ac0e55ae08633515
SHA512

0578ef5abfc543d952083d5b67a0d3008ede33aa2c5c9121c5189093c64268eb533b2b4ce8c270d1baecf7beff1abd7999e482248af142f6d372892e00463768

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

23f0e3bce589df29a3e6f3e8879b41c1

Attributes

reg_key
23f0e3bce589df29a3e6f3e8879b41c1
splitter
|'|'|

Targets

- Target
  
  ab4302fad26dea179980d3b1d2ec64870df2d2af69052306ac0e55ae08633515
- Size
  
  23KB
- MD5
  
  831e1d0876a3645a8bb31786597cad58
- SHA1
  
  41d1869c8086c34b41198a02bfc1f075fe6511ff
- SHA256
  
  ab4302fad26dea179980d3b1d2ec64870df2d2af69052306ac0e55ae08633515
- SHA512
  
  0578ef5abfc543d952083d5b67a0d3008ede33aa2c5c9121c5189093c64268eb533b2b4ce8c270d1baecf7beff1abd7999e482248af142f6d372892e00463768
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan