njrat | 3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d | Triage

Sharing

General

Target

3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d
Size

31KB
Sample

220521-am7fjsaec3
MD5

4c3fe802909235ddb4202eda5ead4d1e
SHA1

1e6f88ead6df2d9f1c99e037f2a6141bcf65aa59
SHA256

3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d
SHA512

845c1fb3bea189e927df5b3e04eb87744eec04cabbc07d86a5760749613876858aab7a1a3bdf58973dbbc0a0f7851644c399b6771125e0ca7d5be7c1250f966d

Score

10^/10

njrat q evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

q

C2

192.168.1.3:7777

Mutex

ad0e8fb502ecf928942daab540ba981e

Attributes

reg_key
ad0e8fb502ecf928942daab540ba981e
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d
- Size
  
  31KB
- MD5
  
  4c3fe802909235ddb4202eda5ead4d1e
- SHA1
  
  1e6f88ead6df2d9f1c99e037f2a6141bcf65aa59
- SHA256
  
  3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d
- SHA512
  
  845c1fb3bea189e927df5b3e04eb87744eec04cabbc07d86a5760749613876858aab7a1a3bdf58973dbbc0a0f7851644c399b6771125e0ca7d5be7c1250f966d
Score

10^/10

njrat q evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratqevasiontrojan

behavioral2

njratqevasiontrojan