njrat | b42314c9cd1826c4ed8daa6aa8449023295ea3617765c7a01c142602817f459a | Triage

Sharing

General

Target

b42314c9cd1826c4ed8daa6aa8449023295ea3617765c7a01c142602817f459a
Size

78KB
Sample

221003-q2wwcshggp
MD5

6bfc893d8c55135991684d2a1f22a870
SHA1

8547449eda6fe1e3ffb436ff1376b6300a3ffbfb
SHA256

b42314c9cd1826c4ed8daa6aa8449023295ea3617765c7a01c142602817f459a
SHA512

c8bcd2b259432c6d4eab48d7266538ea975ec6f4245b99906b5e5d33a2cbd810b67866b675cdc1da91b4e3dee24edaee824cecccb9981e1061ffe6720d1a81c1
SSDEEP

1536:qpye12WOmLwbCNwys6DGY9cabWdsbAwF6TQuLMmeQSdRmZv1V:qpye12KwUfDoabWYBF6JLMm/Sdw1V

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  b42314c9cd1826c4ed8daa6aa8449023295ea3617765c7a01c142602817f459a
- Size
  
  78KB
- MD5
  
  6bfc893d8c55135991684d2a1f22a870
- SHA1
  
  8547449eda6fe1e3ffb436ff1376b6300a3ffbfb
- SHA256
  
  b42314c9cd1826c4ed8daa6aa8449023295ea3617765c7a01c142602817f459a
- SHA512
  
  c8bcd2b259432c6d4eab48d7266538ea975ec6f4245b99906b5e5d33a2cbd810b67866b675cdc1da91b4e3dee24edaee824cecccb9981e1061ffe6720d1a81c1
- SSDEEP
  
  1536:qpye12WOmLwbCNwys6DGY9cabWdsbAwF6TQuLMmeQSdRmZv1V:qpye12KwUfDoabWYBF6JLMm/Sdw1V
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan