njrat | 792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79 | Triage

Sharing

General

Target

792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79
Size

93KB
Sample

220524-1sr6xshcg5
MD5

618baf8e7c20ee01ebddec4d8830ab71
SHA1

5006da7e81c4b1b20607f1a201f92526c0861238
SHA256

792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79
SHA512

1d02345297c0fe5243674024934be9beca6cc2108bd83eb594cc82054dea117823d5f6940245438cf65e8078cdc1d64daac2b81d954e9666b84d0c4bdc7530e4

Score

10^/10

njrat hacker evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacker

C2

aGFja2hvc3RuYW1lLmhvcHRvLm9yZwStrikStrik:MTk4NA==

Mutex

c6941743bce17ae335bca7d6739b33d7

Attributes

reg_key
c6941743bce17ae335bca7d6739b33d7
splitter
|'|'|

Targets

- Target
  
  792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79
- Size
  
  93KB
- MD5
  
  618baf8e7c20ee01ebddec4d8830ab71
- SHA1
  
  5006da7e81c4b1b20607f1a201f92526c0861238
- SHA256
  
  792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79
- SHA512
  
  1d02345297c0fe5243674024934be9beca6cc2108bd83eb594cc82054dea117823d5f6940245438cf65e8078cdc1d64daac2b81d954e9666b84d0c4bdc7530e4
Score

10^/10

njrat hacker evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackerevasiontrojan

behavioral2

njrathackerevasiontrojan