njrat | 438e98b6196ec0e9207a27e2b18bfe76c99a63c1e2bed8db1482eeeaea88a00d | Triage

Sharing

General

Target

438e98b6196ec0e9207a27e2b18bfe76c99a63c1e2bed8db1482eeeaea88a00d
Size

22KB
Sample

220707-2ftpnagfb3
MD5

97eebaae286dd77c78f2fa727b6b11df
SHA1

4f1221c430dca2b619d3b5525de5e79efa91cca1
SHA256

438e98b6196ec0e9207a27e2b18bfe76c99a63c1e2bed8db1482eeeaea88a00d
SHA512

1d91e1494a10f68849d91d07c670d8892a5b30020cc642d558187f389db25cc9fbbf8b6c8f7c7e1f1a031567c303b20eda983e957e1ca002178ac543b38da77e

Score

10^/10

njrat home evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Home

C2

njfree2play.cloudns.cc:8859

Mutex

f15e7256debf3109725ba841f67de129

Attributes

reg_key
f15e7256debf3109725ba841f67de129
splitter
|'|'|

Targets

- Target
  
  438e98b6196ec0e9207a27e2b18bfe76c99a63c1e2bed8db1482eeeaea88a00d
- Size
  
  22KB
- MD5
  
  97eebaae286dd77c78f2fa727b6b11df
- SHA1
  
  4f1221c430dca2b619d3b5525de5e79efa91cca1
- SHA256
  
  438e98b6196ec0e9207a27e2b18bfe76c99a63c1e2bed8db1482eeeaea88a00d
- SHA512
  
  1d91e1494a10f68849d91d07c670d8892a5b30020cc642d558187f389db25cc9fbbf8b6c8f7c7e1f1a031567c303b20eda983e957e1ca002178ac543b38da77e
Score

10^/10

njrat home evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathomeevasionpersistencetrojan

behavioral2

njrathomeevasionpersistencetrojan