njrat | 60fbfae93eb2f1aedf9f77ea6ee2d46b1f2b050ac3460219a525531c39890630 | Triage

Sharing

General

Target

4b48773aca579ec261eec75a86292e0e.exe
Size

158KB
Sample

220908-l1823sbdhk
MD5

4b48773aca579ec261eec75a86292e0e
SHA1

efd054d02335da2bc2bf494ce8c0e8f67345d03b
SHA256

60fbfae93eb2f1aedf9f77ea6ee2d46b1f2b050ac3460219a525531c39890630
SHA512

c5c83d40024b808c619d4a0f0e44f5579a9cb87d9bc5559c7e64ed2faceccce2300b20c80edaa613fa870777311872557f712036f461516db7d84d43898cd664
SSDEEP

3072:/DLeUFzL1a1G4irMnO41dtHkU3yVIuCehX1eBALfC10M4RD/:S1uwnO41dKpLCkeBoC10ME

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  4b48773aca579ec261eec75a86292e0e.exe
- Size
  
  158KB
- MD5
  
  4b48773aca579ec261eec75a86292e0e
- SHA1
  
  efd054d02335da2bc2bf494ce8c0e8f67345d03b
- SHA256
  
  60fbfae93eb2f1aedf9f77ea6ee2d46b1f2b050ac3460219a525531c39890630
- SHA512
  
  c5c83d40024b808c619d4a0f0e44f5579a9cb87d9bc5559c7e64ed2faceccce2300b20c80edaa613fa870777311872557f712036f461516db7d84d43898cd664
- SSDEEP
  
  3072:/DLeUFzL1a1G4irMnO41dtHkU3yVIuCehX1eBALfC10M4RD/:S1uwnO41dKpLCkeBoC10ME
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan