njrat | 30a1c47c640de86c7a315b94519678372dec89ff78e05690b93cfd180cb66f86 | Triage

Sharing

General

Target

Doc Exploit.exe
Size

962KB
Sample

220721-lp49raehcl
MD5

1daa09b102d6ab7c6018c1eef85b5ede
SHA1

f78812012be7b8835a20f304ae23f7b27e1e43f2
SHA256

30a1c47c640de86c7a315b94519678372dec89ff78e05690b93cfd180cb66f86
SHA512

aa22a9e33e81dca276081b86406594df2aebfc52414f5a86b95f591ed163d7ae77d9012badaf1cacbc3ce7027cc0bae86d66233337eae222c1a13fa24b4ca57e

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

contents-burn.at.playit.gg:50182

Mutex

5276b1886f2a5c8a7d50871be674198b

Attributes

reg_key
5276b1886f2a5c8a7d50871be674198b
splitter
|'|'|

Targets

- Target
  
  Doc Exploit.exe
- Size
  
  962KB
- MD5
  
  1daa09b102d6ab7c6018c1eef85b5ede
- SHA1
  
  f78812012be7b8835a20f304ae23f7b27e1e43f2
- SHA256
  
  30a1c47c640de86c7a315b94519678372dec89ff78e05690b93cfd180cb66f86
- SHA512
  
  aa22a9e33e81dca276081b86406594df2aebfc52414f5a86b95f591ed163d7ae77d9012badaf1cacbc3ce7027cc0bae86d66233337eae222c1a13fa24b4ca57e
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan

behavioral3

njrathackedevasiontrojan

behavioral4