njrat | 553765cd10aca67763bfc1c158b143c34769fad1c0e826df511024ea6dce1409 | Triage

Sharing

General

Target

0x000600000000b2d2-55.dat
Size

37KB
Sample

220925-h9rydadge3
MD5

26519b81ab0c5400711598dab3492da4
SHA1

b28cd0ed6a3af783bddb83c2f2444902335c13a9
SHA256

553765cd10aca67763bfc1c158b143c34769fad1c0e826df511024ea6dce1409
SHA512

677fc384a8b03142fd3f9d4577b34b97b30ad430d96768c6e9d18ac9df8d3e859b77cc38e85d78e1288caa7c34fc7415e0895f8aaeeb6214527497b11e5b8e2c
SSDEEP

384:K0Lj99kitkZf5W9cTYXyc/jZMM6zffknvUBvrAF+rMRTyN/0L+EcoinblneHQM3a:V9qjjTYic/jW0vUxrM+rMRa8NuNxt

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:11177

Mutex

c6e1be96541084b1f53de49f469e8523

Attributes

reg_key
c6e1be96541084b1f53de49f469e8523
splitter
|'|'|

Targets

- Target
  
  0x000600000000b2d2-55.dat
- Size
  
  37KB
- MD5
  
  26519b81ab0c5400711598dab3492da4
- SHA1
  
  b28cd0ed6a3af783bddb83c2f2444902335c13a9
- SHA256
  
  553765cd10aca67763bfc1c158b143c34769fad1c0e826df511024ea6dce1409
- SHA512
  
  677fc384a8b03142fd3f9d4577b34b97b30ad430d96768c6e9d18ac9df8d3e859b77cc38e85d78e1288caa7c34fc7415e0895f8aaeeb6214527497b11e5b8e2c
- SSDEEP
  
  384:K0Lj99kitkZf5W9cTYXyc/jZMM6zffknvUBvrAF+rMRTyN/0L+EcoinblneHQM3a:V9qjjTYic/jW0vUxrM+rMRa8NuNxt
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan