njrat | 8e76fd1b71135c84d74fb41915f637309b9584b6565886f5f26cdf142df114cd | Triage

Sharing

General

Target

8e76fd1b71135c84d74fb41915f637309b9584b6565886f5f26cdf142df114cd
Size

82KB
Sample

221003-bb5m9abcgl
MD5

6c670d327ca3c047dd87e04519adad30
SHA1

fd6f02ad9dee2457ee8bbefceeaa437bee636fd2
SHA256

8e76fd1b71135c84d74fb41915f637309b9584b6565886f5f26cdf142df114cd
SHA512

f0d1a41904b80e358c041d4b54d28a56e7dd7f6eb12d64deff091508b493f3fcd4c02a4d675f1e1cdee9dd929e8ed779761ef578c4c8944749bb80233c783451
SSDEEP

1536:KfcJmBgWnjIJSZwlB2hBjsV+1q51ALBYU:KcugiIRB2jKU

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

anwarmaxa.no-ip.biz:4498

Mutex

abc4c646bbdae26ea820ad4be4d0c672

Attributes

reg_key
abc4c646bbdae26ea820ad4be4d0c672
splitter
|'|'|

Targets

- Target
  
  8e76fd1b71135c84d74fb41915f637309b9584b6565886f5f26cdf142df114cd
- Size
  
  82KB
- MD5
  
  6c670d327ca3c047dd87e04519adad30
- SHA1
  
  fd6f02ad9dee2457ee8bbefceeaa437bee636fd2
- SHA256
  
  8e76fd1b71135c84d74fb41915f637309b9584b6565886f5f26cdf142df114cd
- SHA512
  
  f0d1a41904b80e358c041d4b54d28a56e7dd7f6eb12d64deff091508b493f3fcd4c02a4d675f1e1cdee9dd929e8ed779761ef578c4c8944749bb80233c783451
- SSDEEP
  
  1536:KfcJmBgWnjIJSZwlB2hBjsV+1q51ALBYU:KcugiIRB2jKU
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njratevasiontrojan