njrat | 5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5 | Triage

Sharing

General

Target

5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
Size

28KB
Sample

220731-z6k44ahgfn
MD5

09d9d38a61ca864ddca8c576b9a3526f
SHA1

03df810dc2f1b2bfd240a6532cd36e0965fa8dc8
SHA256

5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
SHA512

ab950d0ab1567f7dac126d275797c7be2ba3b017b5c2a2cf4361dc675bd62631f6e65c5e3a37ab1d01d24fbbf085777d46be2bfe447f5cf53ad7c9a7d87b7c5b

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

212683d986fb740ad6a40184df48e604

Attributes

reg_key
212683d986fb740ad6a40184df48e604
splitter
|'|'|

Targets

- Target
  
  5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
- Size
  
  28KB
- MD5
  
  09d9d38a61ca864ddca8c576b9a3526f
- SHA1
  
  03df810dc2f1b2bfd240a6532cd36e0965fa8dc8
- SHA256
  
  5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
- SHA512
  
  ab950d0ab1567f7dac126d275797c7be2ba3b017b5c2a2cf4361dc675bd62631f6e65c5e3a37ab1d01d24fbbf085777d46be2bfe447f5cf53ad7c9a7d87b7c5b
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan