njrat | bbe3bb456394346435ba7c03027036a65a9bd3dd8b15dc0b294f674640a33fd4 | Triage

Sharing

General

Target

bbe3bb456394346435ba7c03027036a65a9bd3dd8b15dc0b294f674640a33fd4
Size

31KB
Sample

220724-v1ja4acfen
MD5

478b9a6218f8bf2c46ef1b7c4d7475a2
SHA1

2f36ee2ffa5d7c2474ffb6724ef3b253aa4dec61
SHA256

bbe3bb456394346435ba7c03027036a65a9bd3dd8b15dc0b294f674640a33fd4
SHA512

53d3920648da1fcd58204557503918dbfed21cb4d3219598b2b272a7db071bd50f6f2564656ce9c126027aa174d17431f824035740e37c4d9aea8cba2c2d44bc

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

31.132.178.127:5552

Mutex

8ea42c3d6725037d40ed897465284a04

Attributes

reg_key
8ea42c3d6725037d40ed897465284a04
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  bbe3bb456394346435ba7c03027036a65a9bd3dd8b15dc0b294f674640a33fd4
- Size
  
  31KB
- MD5
  
  478b9a6218f8bf2c46ef1b7c4d7475a2
- SHA1
  
  2f36ee2ffa5d7c2474ffb6724ef3b253aa4dec61
- SHA256
  
  bbe3bb456394346435ba7c03027036a65a9bd3dd8b15dc0b294f674640a33fd4
- SHA512
  
  53d3920648da1fcd58204557503918dbfed21cb4d3219598b2b272a7db071bd50f6f2564656ce9c126027aa174d17431f824035740e37c4d9aea8cba2c2d44bc
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan