njrat | c17ad5f2b4e81d534d3d4b860035229fed4ad4b7e1b48592063fd6064cfa37ff | Triage

Sharing

General

Target

openme.exe
Size

37KB
Sample

220720-abnjashfb4
MD5

7e2e6b293da2f65a58ddf884114327bd
SHA1

47e7e8e422fdddf1db21b0329d7e8e1531db141e
SHA256

c17ad5f2b4e81d534d3d4b860035229fed4ad4b7e1b48592063fd6064cfa37ff
SHA512

eb4a0ae038e10e772436387687df6e5327f50a5cfe553a2eba23875102d45bbed922c2c88190a19430a7a260765b39671607c241f79df5550b62b2e173fcaa53

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:15864

Mutex

b9d94bdddaa4c6b50334a7e90f498b3f

Attributes

reg_key
b9d94bdddaa4c6b50334a7e90f498b3f
splitter
|'|'|

Targets

- Target
  
  openme.exe
- Size
  
  37KB
- MD5
  
  7e2e6b293da2f65a58ddf884114327bd
- SHA1
  
  47e7e8e422fdddf1db21b0329d7e8e1531db141e
- SHA256
  
  c17ad5f2b4e81d534d3d4b860035229fed4ad4b7e1b48592063fd6064cfa37ff
- SHA512
  
  eb4a0ae038e10e772436387687df6e5327f50a5cfe553a2eba23875102d45bbed922c2c88190a19430a7a260765b39671607c241f79df5550b62b2e173fcaa53
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan