modiloader | 0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90 | Triage

Sharing

General

Target

0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
Size

166KB
Sample

221003-cl6tqsbge7
MD5

6c925d7f69ba47e3e8ccb2474cf74cc0
SHA1

24108206b07bdd746de942832535cb6de7daab29
SHA256

0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
SHA512

bf0ce52e920286a62d34aeb2f4b4d101d1d7ff565a79e79ffcc7e9d53a8446ef0b770dfd8ecad28f36d93f8f793c0066fa85a764ee38c201c29ff64912939dbc
SSDEEP

3072:mxkJK5AHrgLdB6Ysm6naFnhToIj6VPr6gYU58MjpAoBQDWDbnXgsXs227qJB4C6Y:ik8OHrgpysnZjEPgBMjpAornwnOJB4ZY

Score

10^/10

modiloader njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

my22imaliassad.ddns.net:1177

Mutex

6b62e27c91b6a7a477b4ea53b5b9d287

Attributes

reg_key
6b62e27c91b6a7a477b4ea53b5b9d287
splitter
|'|'|

Targets

- Target
  
  0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
- Size
  
  166KB
- MD5
  
  6c925d7f69ba47e3e8ccb2474cf74cc0
- SHA1
  
  24108206b07bdd746de942832535cb6de7daab29
- SHA256
  
  0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
- SHA512
  
  bf0ce52e920286a62d34aeb2f4b4d101d1d7ff565a79e79ffcc7e9d53a8446ef0b770dfd8ecad28f36d93f8f793c0066fa85a764ee38c201c29ff64912939dbc
- SSDEEP
  
  3072:mxkJK5AHrgLdB6Ysm6naFnhToIj6VPr6gYU58MjpAoBQDWDbnXgsXs227qJB4C6Y:ik8OHrgpysnZjEPgBMjpAornwnOJB4ZY
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan