njrat | 2d00d1b2e6d0a7ebd5900a4bf24b3b537cac387dd910cb33492ca450790d4b85 | Triage

Sharing

General

Target

2d00d1b2e6d0a7ebd5900a4bf24b3b537cac387dd910cb33492ca450790d4b85
Size

97KB
Sample

221003-bvhb3acbaq
MD5

0892986a8fa6434e3403c9f8c00666b0
SHA1

7b3fd9e6f628dc3af5b3f892168a61baa3505987
SHA256

2d00d1b2e6d0a7ebd5900a4bf24b3b537cac387dd910cb33492ca450790d4b85
SHA512

a7cb0104ead8493ef4f71b1c4d2d658ff630f8a8803ade71e5e33b7c17c98bc3949daf5158dff2832fc40d503f9dd151b7480cb005e72041781a1b75a9c255ac
SSDEEP

1536:ppV+CtsTTkQfU8Iz+A+WOAse4ZtgMdVz8ROhs3ppSPl0cqIUylJu:ppo0sTTk2UBz+7AEGnUhsZpSEIUSJu

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  2d00d1b2e6d0a7ebd5900a4bf24b3b537cac387dd910cb33492ca450790d4b85
- Size
  
  97KB
- MD5
  
  0892986a8fa6434e3403c9f8c00666b0
- SHA1
  
  7b3fd9e6f628dc3af5b3f892168a61baa3505987
- SHA256
  
  2d00d1b2e6d0a7ebd5900a4bf24b3b537cac387dd910cb33492ca450790d4b85
- SHA512
  
  a7cb0104ead8493ef4f71b1c4d2d658ff630f8a8803ade71e5e33b7c17c98bc3949daf5158dff2832fc40d503f9dd151b7480cb005e72041781a1b75a9c255ac
- SSDEEP
  
  1536:ppV+CtsTTkQfU8Iz+A+WOAse4ZtgMdVz8ROhs3ppSPl0cqIUylJu:ppo0sTTk2UBz+7AEGnUhsZpSEIUSJu
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan