njrat | 423575ad91ae70f09cd2ed54b3028f37b5718c3645fdd76d3b19f2dd517e43fc | Triage

Sharing

General

Target

423575ad91ae70f09cd2ed54b3028f37b5718c3645fdd76d3b19f2dd517e43fc
Size

1.7MB
Sample

220708-dtxrgahcd9
MD5

e87887697ee952ece3847472ac83d62a
SHA1

62c9d2ae7bafa9c594230c570b66ec2d4fa674a6
SHA256

423575ad91ae70f09cd2ed54b3028f37b5718c3645fdd76d3b19f2dd517e43fc
SHA512

b9fe219f89dfc9e12871ccf03e7aa315f25f5520cf72f5c6312518600d72bc4ee7567869786732e09e8e5c4c7acafb8f5c463fd2335ba50707747f8f5816b731

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  423575ad91ae70f09cd2ed54b3028f37b5718c3645fdd76d3b19f2dd517e43fc
- Size
  
  1.7MB
- MD5
  
  e87887697ee952ece3847472ac83d62a
- SHA1
  
  62c9d2ae7bafa9c594230c570b66ec2d4fa674a6
- SHA256
  
  423575ad91ae70f09cd2ed54b3028f37b5718c3645fdd76d3b19f2dd517e43fc
- SHA512
  
  b9fe219f89dfc9e12871ccf03e7aa315f25f5520cf72f5c6312518600d72bc4ee7567869786732e09e8e5c4c7acafb8f5c463fd2335ba50707747f8f5816b731
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan