njrat | bda545a064501623ed0031faafaad588e31bdae02dd945413873f21ecb7fd96d | Triage

Sharing

General

Target

0030834bf67509153237ac832bc68649.exe
Size

351KB
Sample

220813-z1eecsebck
MD5

0030834bf67509153237ac832bc68649
SHA1

1e4802307ae8e4a8c75bb384762f4cd6db676884
SHA256

bda545a064501623ed0031faafaad588e31bdae02dd945413873f21ecb7fd96d
SHA512

9a26f24a53c929c470e87469dac4ead2064524d0f85e4ea0424695b2f7e6a200256886093ed1190373281498915aecad94d74e90302444c42bc92c876e85e50d

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

easralahtane.ddns.net:3973

Mutex

de691f5a23326e1eca32cf33144b3175

Attributes

reg_key
de691f5a23326e1eca32cf33144b3175
splitter
|'|'|

Targets

- Target
  
  0030834bf67509153237ac832bc68649.exe
- Size
  
  351KB
- MD5
  
  0030834bf67509153237ac832bc68649
- SHA1
  
  1e4802307ae8e4a8c75bb384762f4cd6db676884
- SHA256
  
  bda545a064501623ed0031faafaad588e31bdae02dd945413873f21ecb7fd96d
- SHA512
  
  9a26f24a53c929c470e87469dac4ead2064524d0f85e4ea0424695b2f7e6a200256886093ed1190373281498915aecad94d74e90302444c42bc92c876e85e50d
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan