njrat | 28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c | Triage

Sharing

General

Target

28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c
Size

93KB
Sample

220708-s9zckabac9
MD5

ad5ffd5268a01b519b539f1233b52fee
SHA1

1dde3b4a1c4b9b1ac753d649bf16f14744331e39
SHA256

28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c
SHA512

f73539047ac22ec1e3c1dd73401116b35cb43d305229f2c3bbc1ba89f1129fd05db8cb8db4bda7c8ac4970bc07fdb578568d80aa4e1bdaec319530f31ea32bd1

Score

10^/10

njrat hacker evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

hacker

C2

FRANSESCOTI3LjAuFRANSESCOC4x:MTYwNA==

Mutex

dfd6ed83b13338db2ca4f209d9a7474f

Attributes

reg_key
dfd6ed83b13338db2ca4f209d9a7474f
splitter
|'|'|

Targets

- Target
  
  28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c
- Size
  
  93KB
- MD5
  
  ad5ffd5268a01b519b539f1233b52fee
- SHA1
  
  1dde3b4a1c4b9b1ac753d649bf16f14744331e39
- SHA256
  
  28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c
- SHA512
  
  f73539047ac22ec1e3c1dd73401116b35cb43d305229f2c3bbc1ba89f1129fd05db8cb8db4bda7c8ac4970bc07fdb578568d80aa4e1bdaec319530f31ea32bd1
Score

10^/10

njrat hacker evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackerevasiontrojan

behavioral2

njrathackerevasiontrojan