njrat | ecbb3b789818591d27f1730dfb72f6021303b7b88e19ac9c8dbf1366935e7af7 | Triage

Sharing

General

Target

ECBB3B789818591D27F1730DFB72F6021303B7B88E19A.exe
Size

301KB
Sample

220906-sklp6scbbn
MD5

ca67fbb1b2db6af5e9b317d60b3de797
SHA1

0d306f19b7b85d4f6550099231381751dee82058
SHA256

ecbb3b789818591d27f1730dfb72f6021303b7b88e19ac9c8dbf1366935e7af7
SHA512

593bb09d27dd2b9a00b23c2a04746a494c8a649c91a522e92d1e288ca85e7104acf1abff851aa65e85b12f9bba7f1e35e37df7aa144a2c9641a42098e07318ad
SSDEEP

768:ZNmV10bf2TKtClK1rM+rMRa8NuLptHqi:ZNmVaD6KtC8u+gRJNs

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.ngrok.io:13648

Mutex

ef85f0aa7fc5c357737a6a24052fe823

Attributes

reg_key
ef85f0aa7fc5c357737a6a24052fe823
splitter
|'|'|

Targets

- Target
  
  ECBB3B789818591D27F1730DFB72F6021303B7B88E19A.exe
- Size
  
  301KB
- MD5
  
  ca67fbb1b2db6af5e9b317d60b3de797
- SHA1
  
  0d306f19b7b85d4f6550099231381751dee82058
- SHA256
  
  ecbb3b789818591d27f1730dfb72f6021303b7b88e19ac9c8dbf1366935e7af7
- SHA512
  
  593bb09d27dd2b9a00b23c2a04746a494c8a649c91a522e92d1e288ca85e7104acf1abff851aa65e85b12f9bba7f1e35e37df7aa144a2c9641a42098e07318ad
- SSDEEP
  
  768:ZNmV10bf2TKtClK1rM+rMRa8NuLptHqi:ZNmVaD6KtC8u+gRJNs
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan