njrat | b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b | Triage

Sharing

General

Target

b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b
Size

93KB
Sample

220731-hsvb6sdfe4
MD5

3ba6a42a36a167bde629b4e8dcc8ff95
SHA1

b49aa395634d434a84a264d50037a17281e2a9f4
SHA256

b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b
SHA512

59776c41762279b98737521b59d2c5ef8c4d3384465c061c1b041c5675ba6af0ac6f00e548d69a021a34bd903d5131e7971051b1ef34f6f3f071832767bf8503

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

FRANSESCOTI3LjAuFRANSESCOC4x:MTYwNA==

Mutex

6e03cdb684215a5d1cd8a13afcd46ec0

Attributes

reg_key
6e03cdb684215a5d1cd8a13afcd46ec0
splitter
|'|'|

Targets

- Target
  
  b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b
- Size
  
  93KB
- MD5
  
  3ba6a42a36a167bde629b4e8dcc8ff95
- SHA1
  
  b49aa395634d434a84a264d50037a17281e2a9f4
- SHA256
  
  b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b
- SHA512
  
  59776c41762279b98737521b59d2c5ef8c4d3384465c061c1b041c5675ba6af0ac6f00e548d69a021a34bd903d5131e7971051b1ef34f6f3f071832767bf8503
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan