njrat | b73fb41a78d5f93cc9baca9da7528f7e31772810832a1e062ac65da09ca44474 | Triage

Sharing

General

Target

b73fb41a78d5f93cc9baca9da7528f7e31772810832a1e062ac65da09ca44474
Size

159KB
Sample

220701-fmptdsdaeq
MD5

e2a7be7788bbe77180c5ca2a6c308530
SHA1

f682ac9bbb49e8e5e3b50bcdda276f7d219f3126
SHA256

b73fb41a78d5f93cc9baca9da7528f7e31772810832a1e062ac65da09ca44474
SHA512

f43325201ffced9e18132b92df6a22b70516355aa49c6e7ee4b1826ed17dc4e0bd47d5b49b253fed7bdd71a90ea1b8744ffc2dd5e7f455ac2a45e93e28d60308

Score

10^/10

njrat trojan

Malware Config

Targets

- Target
  
  b73fb41a78d5f93cc9baca9da7528f7e31772810832a1e062ac65da09ca44474
- Size
  
  159KB
- MD5
  
  e2a7be7788bbe77180c5ca2a6c308530
- SHA1
  
  f682ac9bbb49e8e5e3b50bcdda276f7d219f3126
- SHA256
  
  b73fb41a78d5f93cc9baca9da7528f7e31772810832a1e062ac65da09ca44474
- SHA512
  
  f43325201ffced9e18132b92df6a22b70516355aa49c6e7ee4b1826ed17dc4e0bd47d5b49b253fed7bdd71a90ea1b8744ffc2dd5e7f455ac2a45e93e28d60308
Score

10^/10

njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2