njrat | 8b40040cf08471cecbad21a1199b23336bcca69d97220ef0e592fe5106d118f2 | Triage

Sharing

General

Target

8b40040cf08471cecbad21a1199b23336bcca69d97220ef0e592fe5106d118f2
Size

66KB
Sample

221002-k48eaagga3
MD5

678736f0c01d5772c5fe8f17c2a2f0a0
SHA1

6fd5092205a163cdd409a28a321221d4e12ebc96
SHA256

8b40040cf08471cecbad21a1199b23336bcca69d97220ef0e592fe5106d118f2
SHA512

8d9f62978cf91e597d4a8e19e2747a5d70fcbb42deaf3c4036a0c15454a959f59ca2350f4d30ce55cf09bd25f0cdf7f5004240d24c9ba374d72a72728fb21830
SSDEEP

1536:i7hWVUJZKhG29jD4Uj2qkSZZZ3gdt7j2qkSZZZD:sWVcQA29djYUG7jYi

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

redwaneboudaa.zapto.org:1177

Mutex

6041060f82ac9ecc2165d44257f9aec8

Attributes

reg_key
6041060f82ac9ecc2165d44257f9aec8
splitter
|'|'|

Targets

- Target
  
  8b40040cf08471cecbad21a1199b23336bcca69d97220ef0e592fe5106d118f2
- Size
  
  66KB
- MD5
  
  678736f0c01d5772c5fe8f17c2a2f0a0
- SHA1
  
  6fd5092205a163cdd409a28a321221d4e12ebc96
- SHA256
  
  8b40040cf08471cecbad21a1199b23336bcca69d97220ef0e592fe5106d118f2
- SHA512
  
  8d9f62978cf91e597d4a8e19e2747a5d70fcbb42deaf3c4036a0c15454a959f59ca2350f4d30ce55cf09bd25f0cdf7f5004240d24c9ba374d72a72728fb21830
- SSDEEP
  
  1536:i7hWVUJZKhG29jD4Uj2qkSZZZ3gdt7j2qkSZZZD:sWVcQA29djYUG7jYi
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan