njrat | c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b | Triage

Sharing

General

Target

c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b
Size

168KB
Sample

220702-xek9nsahc2
MD5

0ead8bf1a82f825a23acba001fa5d8f4
SHA1

d53abb4494d355f6954cea7ba866588593934992
SHA256

c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b
SHA512

5fda6c76bb39547844114ded578f7881fa9433d8da45d4df67c48cc17a9fce90b90c918e9cc4611b6bb86cef444cb00b11f10d219d3d1eb33f713b4741f8dc05

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1234

Mutex

cc0012ca95288ee5cb550c3649e082f9

Attributes

reg_key
cc0012ca95288ee5cb550c3649e082f9
splitter
|'|'|

Targets

- Target
  
  c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b
- Size
  
  168KB
- MD5
  
  0ead8bf1a82f825a23acba001fa5d8f4
- SHA1
  
  d53abb4494d355f6954cea7ba866588593934992
- SHA256
  
  c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b
- SHA512
  
  5fda6c76bb39547844114ded578f7881fa9433d8da45d4df67c48cc17a9fce90b90c918e9cc4611b6bb86cef444cb00b11f10d219d3d1eb33f713b4741f8dc05
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan