njrat | 2b903e829950918b5b2ba6ed81fa19be2c5f8fa9934ee4c75bb278934a953468 | Triage

Sharing

General

Target

2b903e829950918b5b2ba6ed81fa19be2c5f8fa9934ee4c75bb278934a953468
Size

81KB
Sample

221002-r5n6cscfgk
MD5

7386700662176cbad09a78028ad0ec10
SHA1

1711b0cf8eb7d63b2acfff46c0b0c69efaaab2bc
SHA256

2b903e829950918b5b2ba6ed81fa19be2c5f8fa9934ee4c75bb278934a953468
SHA512

0c0960abf7126998956bc50a86da810abae30c67e3a388bdc6549d44faa023b4a09e72a69fc8624dde300d5d7a05eeda6c52013d180a64e7a7334964d56ee0a3
SSDEEP

1536:62ny03fkUsFtDAjfuJuE1tnp5FDmLGESGBTUFOa:621PCPAjf8uEN4l+FOa

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  2b903e829950918b5b2ba6ed81fa19be2c5f8fa9934ee4c75bb278934a953468
- Size
  
  81KB
- MD5
  
  7386700662176cbad09a78028ad0ec10
- SHA1
  
  1711b0cf8eb7d63b2acfff46c0b0c69efaaab2bc
- SHA256
  
  2b903e829950918b5b2ba6ed81fa19be2c5f8fa9934ee4c75bb278934a953468
- SHA512
  
  0c0960abf7126998956bc50a86da810abae30c67e3a388bdc6549d44faa023b4a09e72a69fc8624dde300d5d7a05eeda6c52013d180a64e7a7334964d56ee0a3
- SSDEEP
  
  1536:62ny03fkUsFtDAjfuJuE1tnp5FDmLGESGBTUFOa:621PCPAjf8uEN4l+FOa
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan