njrat | 18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb | Triage

Sharing

General

Target

18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb
Size

93KB
Sample

220731-ja71zseed9
MD5

bc90da2cf4aa2fdd091d4db19fdf1fc6
SHA1

0f20356cfe7fbbaf32c3ad726b510ced471e5f79
SHA256

18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb
SHA512

7b7c6b6d9c60e1d8ec203642a4919ce75411f49b5caac000e69818386cf800e6d34c1a5d2144e5acbee27995a064b6daaa0b74e6e2dbd8c754c7a25ecfdda88e

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

FRANSESCOTI3LjAuFRANSESCOC4x:MTYwNA==

Mutex

f6e28e588d4960673b87689407900074

Attributes

reg_key
f6e28e588d4960673b87689407900074
splitter
|'|'|

Targets

- Target
  
  18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb
- Size
  
  93KB
- MD5
  
  bc90da2cf4aa2fdd091d4db19fdf1fc6
- SHA1
  
  0f20356cfe7fbbaf32c3ad726b510ced471e5f79
- SHA256
  
  18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb
- SHA512
  
  7b7c6b6d9c60e1d8ec203642a4919ce75411f49b5caac000e69818386cf800e6d34c1a5d2144e5acbee27995a064b6daaa0b74e6e2dbd8c754c7a25ecfdda88e
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan