njrat | 16823e84f79ff25effec71838d5357035e6778623b4b7aa6c8414b143f624e9f | Triage

Sharing

General

Target

16823e84f79ff25effec71838d5357035e6778623b4b7aa6c8414b143f624e9f
Size

66KB
Sample

220630-w836xagbgn
MD5

bbc00ca1bca7f3d143d06f21f17f4750
SHA1

55a6fe845c048ffdc1f39f6e1e4c61e20539e093
SHA256

16823e84f79ff25effec71838d5357035e6778623b4b7aa6c8414b143f624e9f
SHA512

df03d0f5d9f7376c3b0834a703cc79c870c60117a2886e5a41b137d4fb505bc68c738be71259845e8df5cb4f076dbcd7954712ac86158cef13fc1e5059438bcd

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  16823e84f79ff25effec71838d5357035e6778623b4b7aa6c8414b143f624e9f
- Size
  
  66KB
- MD5
  
  bbc00ca1bca7f3d143d06f21f17f4750
- SHA1
  
  55a6fe845c048ffdc1f39f6e1e4c61e20539e093
- SHA256
  
  16823e84f79ff25effec71838d5357035e6778623b4b7aa6c8414b143f624e9f
- SHA512
  
  df03d0f5d9f7376c3b0834a703cc79c870c60117a2886e5a41b137d4fb505bc68c738be71259845e8df5cb4f076dbcd7954712ac86158cef13fc1e5059438bcd
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan