njrat | 7707d1e0c7a228b3f5b96e36cdf5e078314acd324c47f8b10187e6f394def8f0 | Triage

Sharing

General

Target

7707d1e0c7a228b3f5b96e36cdf5e078314acd324c47f8b10187e6f394def8f0
Size

37KB
Sample

220630-xajv2sgcdm
MD5

3478d1c07fc20f5109124b7e121f5a36
SHA1

b2dc2dac6f5e08d851410596c4965a451a940894
SHA256

7707d1e0c7a228b3f5b96e36cdf5e078314acd324c47f8b10187e6f394def8f0
SHA512

74941de3551d9036dc84edc4d67b4b4e9208810d533cc8e8a4918814544b7a688f745ee6fdf05200bb5720afa952ec0b0c9689b824b5d3517c466031de2a3209

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

svalkabomja333.hopto.org:1978

Mutex

ee612de36a0d05a31f32d8a935cab2af

Attributes

reg_key
ee612de36a0d05a31f32d8a935cab2af
splitter
|'|'|

Targets

- Target
  
  7707d1e0c7a228b3f5b96e36cdf5e078314acd324c47f8b10187e6f394def8f0
- Size
  
  37KB
- MD5
  
  3478d1c07fc20f5109124b7e121f5a36
- SHA1
  
  b2dc2dac6f5e08d851410596c4965a451a940894
- SHA256
  
  7707d1e0c7a228b3f5b96e36cdf5e078314acd324c47f8b10187e6f394def8f0
- SHA512
  
  74941de3551d9036dc84edc4d67b4b4e9208810d533cc8e8a4918814544b7a688f745ee6fdf05200bb5720afa952ec0b0c9689b824b5d3517c466031de2a3209
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan