njrat | 443f6b2e2a78e15b7b021d8201a4327c8d118acb37c5f73e105cd271cac80231 | Triage

Sharing

General

Target

443f6b2e2a78e15b7b021d8201a4327c8d118acb37c5f73e105cd271cac80231
Size

23KB
Sample

220707-yvdp7sacar
MD5

b188235acf8ec5231371ec357be3ee3f
SHA1

684ab6a75ea1a680318cf2165757a37ccb5f74a9
SHA256

443f6b2e2a78e15b7b021d8201a4327c8d118acb37c5f73e105cd271cac80231
SHA512

6c8da53156b5047385ad6ca88759aa640ff6063eb5979f01b44140e0b914933d9ba7bb6c613377f652d202d55baf30ef5a68e8174c8e01ec00a4a618ad25939e

Score

10^/10

njrat combat arms evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Combat Arms

C2

cheatparalol123.ddns.net:5445

Mutex

c10eaae35ef449e02f37dd4780ccc899

Attributes

reg_key
c10eaae35ef449e02f37dd4780ccc899
splitter
|'|'|

Targets

- Target
  
  443f6b2e2a78e15b7b021d8201a4327c8d118acb37c5f73e105cd271cac80231
- Size
  
  23KB
- MD5
  
  b188235acf8ec5231371ec357be3ee3f
- SHA1
  
  684ab6a75ea1a680318cf2165757a37ccb5f74a9
- SHA256
  
  443f6b2e2a78e15b7b021d8201a4327c8d118acb37c5f73e105cd271cac80231
- SHA512
  
  6c8da53156b5047385ad6ca88759aa640ff6063eb5979f01b44140e0b914933d9ba7bb6c613377f652d202d55baf30ef5a68e8174c8e01ec00a4a618ad25939e
Score

10^/10

njrat combat arms evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

combat armsnjrat

behavioral1

njratcombat armsevasiontrojan

behavioral2

njratcombat armsevasiontrojan