njrat | 060032a96340a43e32383dbc1f8723eda945a7d1c3d2f7201b36efd3b98d858e | Triage

Sharing

General

Target

2fe56b2f6d9a5c054b76747dd267b97d.exe
Size

333KB
Sample

220925-h6nfsafagj
MD5

2fe56b2f6d9a5c054b76747dd267b97d
SHA1

3737c981dab10ca7b676a3456315f7d59ac3f967
SHA256

060032a96340a43e32383dbc1f8723eda945a7d1c3d2f7201b36efd3b98d858e
SHA512

6cf11227817dae593c4e82465dc7080eca4a3767716daf47e53b55938f095349279079a0c7b7e70ed04567896517a2c06d44f540e605e5ec89f51283e6024d85
SSDEEP

6144:H8JsLcpjzTDDmHayakLkrb4NSarQWtT+tG1Xt5ub:8zxzTDWikLSb4NS7ET+tG1XtQb

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:11177

Mutex

c6e1be96541084b1f53de49f469e8523

Attributes

reg_key
c6e1be96541084b1f53de49f469e8523
splitter
|'|'|

Targets

- Target
  
  2fe56b2f6d9a5c054b76747dd267b97d.exe
- Size
  
  333KB
- MD5
  
  2fe56b2f6d9a5c054b76747dd267b97d
- SHA1
  
  3737c981dab10ca7b676a3456315f7d59ac3f967
- SHA256
  
  060032a96340a43e32383dbc1f8723eda945a7d1c3d2f7201b36efd3b98d858e
- SHA512
  
  6cf11227817dae593c4e82465dc7080eca4a3767716daf47e53b55938f095349279079a0c7b7e70ed04567896517a2c06d44f540e605e5ec89f51283e6024d85
- SSDEEP
  
  6144:H8JsLcpjzTDDmHayakLkrb4NSarQWtT+tG1Xt5ub:8zxzTDWikLSb4NS7ET+tG1XtQb
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan