njrat | 25e8214b16a263f671a643e0272376c1f1d70b0b585ec7ab83c9234710da9bdd | Triage

Sharing

General

Target

25e8214b16a263f671a643e0272376c1f1d70b0b585ec7ab83c9234710da9bdd
Size

228KB
Sample

221003-bwwk3safd4
MD5

011bb75fb268a7d8ec0c65176bb18570
SHA1

1ad5b8251012ef4aa1c968c8a97ebdb3eeb48999
SHA256

25e8214b16a263f671a643e0272376c1f1d70b0b585ec7ab83c9234710da9bdd
SHA512

ecfbca52a9fcc833d3a5a271172e3ef483bbbf076e9255f8922f7434c291d85f3a8967973777a032186f9bc7e57b463cb7d7d9c94b58b1dbb98ffb619b5442c4
SSDEEP

3072:PNR8MhW0lc+5cTpk6nq0l90o+VEz4vel4f2ZnZKfNsJQ1cZiQ8:Pp/lc3pk+91z4vV2nWS8

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

sex4233.no-ip.biz:1177

Mutex

573ca50cfe6c999db883b04b1fd23b44

Attributes

reg_key
573ca50cfe6c999db883b04b1fd23b44
splitter
|'|'|

Targets

- Target
  
  25e8214b16a263f671a643e0272376c1f1d70b0b585ec7ab83c9234710da9bdd
- Size
  
  228KB
- MD5
  
  011bb75fb268a7d8ec0c65176bb18570
- SHA1
  
  1ad5b8251012ef4aa1c968c8a97ebdb3eeb48999
- SHA256
  
  25e8214b16a263f671a643e0272376c1f1d70b0b585ec7ab83c9234710da9bdd
- SHA512
  
  ecfbca52a9fcc833d3a5a271172e3ef483bbbf076e9255f8922f7434c291d85f3a8967973777a032186f9bc7e57b463cb7d7d9c94b58b1dbb98ffb619b5442c4
- SSDEEP
  
  3072:PNR8MhW0lc+5cTpk6nq0l90o+VEz4vel4f2ZnZKfNsJQ1cZiQ8:Pp/lc3pk+91z4vV2nWS8
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2