njrat | a592ea7e651bdf94a65cd471fcddb7daf1bdc2168164b2008543ebfff9c69f6c | Triage

Sharing

General

Target

a592ea7e651bdf94a65cd471fcddb7daf1bdc2168164b2008543ebfff9c69f6c
Size

32KB
Sample

220521-m11w5sfhgl
MD5

329fb77ef9c38388c146e32148cb29df
SHA1

0a6b14098dd89f97a27208b37cfb43197b8bc0a8
SHA256

a592ea7e651bdf94a65cd471fcddb7daf1bdc2168164b2008543ebfff9c69f6c
SHA512

3f561e5f19848c41a3107eacd83445eed36012a5595d5fcebdb37425c3bf49dfc458ae3f999f9bf7da5706d267fec4b8be89681f155149a07f2d229a10926955

Score

10^/10

njrat hacked by hidden person evasion persistence trojan

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

64d9c8cb143e6b529eeac073e6e1e511

Attributes

reg_key
64d9c8cb143e6b529eeac073e6e1e511

Targets

- Target
  
  a592ea7e651bdf94a65cd471fcddb7daf1bdc2168164b2008543ebfff9c69f6c
- Size
  
  32KB
- MD5
  
  329fb77ef9c38388c146e32148cb29df
- SHA1
  
  0a6b14098dd89f97a27208b37cfb43197b8bc0a8
- SHA256
  
  a592ea7e651bdf94a65cd471fcddb7daf1bdc2168164b2008543ebfff9c69f6c
- SHA512
  
  3f561e5f19848c41a3107eacd83445eed36012a5595d5fcebdb37425c3bf49dfc458ae3f999f9bf7da5706d267fec4b8be89681f155149a07f2d229a10926955
Score

10^/10

njrat hacked by hidden person evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

hacked by hidden personnjrat

behavioral1

njrathacked by hidden personevasionpersistencetrojan

behavioral2

njrathacked by hidden personevasionpersistencetrojan