njrat | 0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c | Triage

Sharing

General

Target

0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c
Size

222KB
Sample

221003-b2bg4aagh9
MD5

3bf7caf61289891504b82a61e646f580
SHA1

b8205a7db4641c07bf3d5bb2addf3e03df52f707
SHA256

0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c
SHA512

57f8904b3005517de9db78d2680499aa40960083de812805bf5b807fd694fe2b9a2a99f589c56a60f9eb9dcbb423b434dd042aec4fd514768b4fbe827136e851
SSDEEP

3072:bUN4EJaRilgqZqLYmDOZN/23Qp5oviiXpIv2U2y8J:2qilPOsN/2c5otX2v2U2

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

alimohamed90.no-ip.biz:7991

Mutex

03cfa1487a94d2b11760b77d3e3b04b3

Attributes

reg_key
03cfa1487a94d2b11760b77d3e3b04b3
splitter
|'|'|

Targets

- Target
  
  0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c
- Size
  
  222KB
- MD5
  
  3bf7caf61289891504b82a61e646f580
- SHA1
  
  b8205a7db4641c07bf3d5bb2addf3e03df52f707
- SHA256
  
  0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c
- SHA512
  
  57f8904b3005517de9db78d2680499aa40960083de812805bf5b807fd694fe2b9a2a99f589c56a60f9eb9dcbb423b434dd042aec4fd514768b4fbe827136e851
- SSDEEP
  
  3072:bUN4EJaRilgqZqLYmDOZN/23Qp5oviiXpIv2U2y8J:2qilPOsN/2c5otX2v2U2
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan