njrat | a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab | Triage

Sharing

General

Target

a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab
Size

6.3MB
Sample

220630-3le9wscdgq
MD5

2d60806c673098adf08437919162e2d3
SHA1

c714e5387ce1ee35e4cd5609d6e6676614ea2047
SHA256

a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab
SHA512

84ea44515ad2a5dd26d5f2919e21f1010d341b371aec6b6f4e440abbc43d04391ec934eb329e1fa3f5d0919e4c08a9f5f990ff2a3fedc8e0698b9744d60823a1

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

37.1.215.39:5554

Mutex

f704da8f7e6285f60ed411ae6b3239bf

Attributes

reg_key
f704da8f7e6285f60ed411ae6b3239bf
splitter
|'|'|

Targets

- Target
  
  a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab
- Size
  
  6.3MB
- MD5
  
  2d60806c673098adf08437919162e2d3
- SHA1
  
  c714e5387ce1ee35e4cd5609d6e6676614ea2047
- SHA256
  
  a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab
- SHA512
  
  84ea44515ad2a5dd26d5f2919e21f1010d341b371aec6b6f4e440abbc43d04391ec934eb329e1fa3f5d0919e4c08a9f5f990ff2a3fedc8e0698b9744d60823a1
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan