njrat | 54b6ce2663e7cdf44db37419da499fa88c6369a9a5da633254e0d9d09d82eca8 | Triage

Sharing

General

Target

54b6ce2663e7cdf44db37419da499fa88c6369a9a5da633254e0d9d09d82eca8
Size

23KB
Sample

220725-w44lwahha9
MD5

be87ae8f4a404b6d7506d44fd6f0b999
SHA1

230dc14941c6d7e56f75473059ad4c867147c4a9
SHA256

54b6ce2663e7cdf44db37419da499fa88c6369a9a5da633254e0d9d09d82eca8
SHA512

5f2fe1e0a1998e675b97733d1371e1eb2d68110461a5c1eb7bf6459127428d4d8fb55ca07b300184e2986208dc1cd98f441751dcd4f805a1d156d493967aa953

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.1.10:5252

Mutex

9dce19494c571162a06873106ec1fb31

Attributes

reg_key
9dce19494c571162a06873106ec1fb31
splitter
|'|'|

Targets

- Target
  
  54b6ce2663e7cdf44db37419da499fa88c6369a9a5da633254e0d9d09d82eca8
- Size
  
  23KB
- MD5
  
  be87ae8f4a404b6d7506d44fd6f0b999
- SHA1
  
  230dc14941c6d7e56f75473059ad4c867147c4a9
- SHA256
  
  54b6ce2663e7cdf44db37419da499fa88c6369a9a5da633254e0d9d09d82eca8
- SHA512
  
  5f2fe1e0a1998e675b97733d1371e1eb2d68110461a5c1eb7bf6459127428d4d8fb55ca07b300184e2986208dc1cd98f441751dcd4f805a1d156d493967aa953
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan