njrat | 9b595740e4043b58c8bb54bf19a5e6cb3174e9e86723ad7bc537f7bf77d0fa28 | Triage

Sharing

General

Target

9b595740e4043b58c8bb54bf19a5e6cb3174e9e86723ad7bc537f7bf77d0fa28
Size

179KB
Sample

221003-3j7alacda4
MD5

65e6d30f2d5c7e95d9b50e958954cd80
SHA1

027b6b015178cf38ce946e339a3cab5751e1e466
SHA256

9b595740e4043b58c8bb54bf19a5e6cb3174e9e86723ad7bc537f7bf77d0fa28
SHA512

045f1606068625eb6f9a5daf7b47465bea95187215d9d7ed9175f43bc49a1e520fbd339504cc33b67aca01e65430c091091137b5e57f088150d503daf56f6e0d
SSDEEP

3072:HBya8lMwvKbOVstJlhbBtc5gnOYTcefZw3qlVyPQEkrmHHr4:LQvKg5gV63fQVSHs

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  9b595740e4043b58c8bb54bf19a5e6cb3174e9e86723ad7bc537f7bf77d0fa28
- Size
  
  179KB
- MD5
  
  65e6d30f2d5c7e95d9b50e958954cd80
- SHA1
  
  027b6b015178cf38ce946e339a3cab5751e1e466
- SHA256
  
  9b595740e4043b58c8bb54bf19a5e6cb3174e9e86723ad7bc537f7bf77d0fa28
- SHA512
  
  045f1606068625eb6f9a5daf7b47465bea95187215d9d7ed9175f43bc49a1e520fbd339504cc33b67aca01e65430c091091137b5e57f088150d503daf56f6e0d
- SSDEEP
  
  3072:HBya8lMwvKbOVstJlhbBtc5gnOYTcefZw3qlVyPQEkrmHHr4:LQvKg5gV63fQVSHs
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan