njrat | 850072b510695bd8649daad557e371b869054361e888d1aa4ffa51cf8e8c7c87 | Triage

Sharing

General

Target

850072b510695bd8649daad557e371b869054361e888d1aa4ffa51cf8e8c7c87
Size

37KB
Sample

220521-avz2fadghl
MD5

bb9d4ebcc754a7e6cb7536b735d85fdf
SHA1

62a93b979c2634af2b39520df73249747bbed84c
SHA256

850072b510695bd8649daad557e371b869054361e888d1aa4ffa51cf8e8c7c87
SHA512

e727a8e987da902339c6ceef93e163fedaa8a0a03c5e0784ac919653f0428f8723ebab7d232cef80bd1337956254c4333fba500ee85fdfdc2a80884822e48363

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

miop.ddns.net:2280

Mutex

18df5afc301de09badbb5fa494c2daf3

Attributes

reg_key
18df5afc301de09badbb5fa494c2daf3
splitter
|'|'|

Targets

- Target
  
  850072b510695bd8649daad557e371b869054361e888d1aa4ffa51cf8e8c7c87
- Size
  
  37KB
- MD5
  
  bb9d4ebcc754a7e6cb7536b735d85fdf
- SHA1
  
  62a93b979c2634af2b39520df73249747bbed84c
- SHA256
  
  850072b510695bd8649daad557e371b869054361e888d1aa4ffa51cf8e8c7c87
- SHA512
  
  e727a8e987da902339c6ceef93e163fedaa8a0a03c5e0784ac919653f0428f8723ebab7d232cef80bd1337956254c4333fba500ee85fdfdc2a80884822e48363
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan