njrat | 59f8f2d31c3b6af4416e4a8de50f3fb93a07b5b1fc089c5fbf8f971c1f858306 | Triage

Sharing

General

Target

59f8f2d31c3b6af4416e4a8de50f3fb93a07b5b1fc089c5fbf8f971c1f858306
Size

119KB
Sample

221003-b8cnqscfhk
MD5

6fabf8dc37c601c9195c46da57484ce0
SHA1

302b9373860b179d94d334ea7db9c89c48d8e5e4
SHA256

59f8f2d31c3b6af4416e4a8de50f3fb93a07b5b1fc089c5fbf8f971c1f858306
SHA512

6acfb42c0b7a57de527be0df66b5b3e87d46d444e89012cabc3313dfd852e3dd1d4867f08ef5430e4275bf5f8ec091b246b86b96af24145038885918944ba807
SSDEEP

1536:v6quQ2V0CRa0XVs9iIH1NOl8HHuRhFLDW3VRqLw1QiN41D37qDO:yq12VNa1qCoXDgV31G6O

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  59f8f2d31c3b6af4416e4a8de50f3fb93a07b5b1fc089c5fbf8f971c1f858306
- Size
  
  119KB
- MD5
  
  6fabf8dc37c601c9195c46da57484ce0
- SHA1
  
  302b9373860b179d94d334ea7db9c89c48d8e5e4
- SHA256
  
  59f8f2d31c3b6af4416e4a8de50f3fb93a07b5b1fc089c5fbf8f971c1f858306
- SHA512
  
  6acfb42c0b7a57de527be0df66b5b3e87d46d444e89012cabc3313dfd852e3dd1d4867f08ef5430e4275bf5f8ec091b246b86b96af24145038885918944ba807
- SSDEEP
  
  1536:v6quQ2V0CRa0XVs9iIH1NOl8HHuRhFLDW3VRqLw1QiN41D37qDO:yq12VNa1qCoXDgV31G6O
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan