njrat | 991e78566446c860f859905c0d4f0529ab5daa9f3792b6206b75e5eab2eaeaa0 | Triage

Sharing

General

Target

991e78566446c860f859905c0d4f0529ab5daa9f3792b6206b75e5eab2eaeaa0
Size

29KB
Sample

221002-2ny94sfcgq
MD5

6653deab44e0c1931da98843a74d52b0
SHA1

3412af8e3fde42c3cca0ba6e5e90783d0a5b1e03
SHA256

991e78566446c860f859905c0d4f0529ab5daa9f3792b6206b75e5eab2eaeaa0
SHA512

50d3be3173d8bfe807dc20a31a46cd22e4cd0928939f96cfcc5837dfe8de83517b798c618130a36a9269e0dd9e2d34582889201304e3fd95f95ce3bd811ca053
SSDEEP

384:ugJGJl7tj1Msagab1h5Vh+2CWmqDebD59ePbGBsbh0w4wlAokw9OhgOL1vYRGOZo:K7nMsanzR+2cqEDveyBKh0p29SgRuz

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

trojanhackninja.ddns.net:2015

Mutex

5607fa2f78a79f2f2e754f5a87fb64d1

Attributes

reg_key
5607fa2f78a79f2f2e754f5a87fb64d1
splitter
|'|'|

Targets

- Target
  
  991e78566446c860f859905c0d4f0529ab5daa9f3792b6206b75e5eab2eaeaa0
- Size
  
  29KB
- MD5
  
  6653deab44e0c1931da98843a74d52b0
- SHA1
  
  3412af8e3fde42c3cca0ba6e5e90783d0a5b1e03
- SHA256
  
  991e78566446c860f859905c0d4f0529ab5daa9f3792b6206b75e5eab2eaeaa0
- SHA512
  
  50d3be3173d8bfe807dc20a31a46cd22e4cd0928939f96cfcc5837dfe8de83517b798c618130a36a9269e0dd9e2d34582889201304e3fd95f95ce3bd811ca053
- SSDEEP
  
  384:ugJGJl7tj1Msagab1h5Vh+2CWmqDebD59ePbGBsbh0w4wlAokw9OhgOL1vYRGOZo:K7nMsanzR+2cqEDveyBKh0p29SgRuz
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan