njrat | be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98 | Triage

Sharing

General

Target

be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98
Size

31KB
Sample

220521-aekxksdaap
MD5

18fd235145f8ab58e1459ca717da16f8
SHA1

feccaf6747cbcb7d4adcec37886f107ed4135597
SHA256

be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98
SHA512

0df79707f6d2b26d06c47827f8207b1c74322483676b7d7be72d28bb8bae6c54b2cef8c8ade5360fe87b6f21af0418b4bb87f0ee76ad42a2eb4e329dd3a44f45

Score

10^/10

njrat faust evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Faust

C2

192.168.88.12:7777

Mutex

77beb3e67b10486d166a5b0f147439dc

Attributes

reg_key
77beb3e67b10486d166a5b0f147439dc
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98
- Size
  
  31KB
- MD5
  
  18fd235145f8ab58e1459ca717da16f8
- SHA1
  
  feccaf6747cbcb7d4adcec37886f107ed4135597
- SHA256
  
  be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98
- SHA512
  
  0df79707f6d2b26d06c47827f8207b1c74322483676b7d7be72d28bb8bae6c54b2cef8c8ade5360fe87b6f21af0418b4bb87f0ee76ad42a2eb4e329dd3a44f45
Score

10^/10

njrat faust evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratfaustevasionpersistencetrojan

behavioral2

njratfaustevasionpersistencetrojan