njrat | 82969f80e4cb9e5574aa717d2e1879d227ea14c336a8ff9e34a1bab451e60eef | Triage

Sharing

General

Target

82969f80e4cb9e5574aa717d2e1879d227ea14c336a8ff9e34a1bab451e60eef
Size

23KB
Sample

221003-rjn88saee2
MD5

69018a611e849afae70ccca22c33a880
SHA1

05495340b7803491c073673e610a74d3100ffcef
SHA256

82969f80e4cb9e5574aa717d2e1879d227ea14c336a8ff9e34a1bab451e60eef
SHA512

731103d2825c570962884a73448d39e6f239e12e6e23b242e0658516bb1364c86fe019563555f978ca61c8446daac050cbba57825fd2c0a3b834372e00cbe2f2
SSDEEP

384:8MK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZIT:vb9glF51LRpcnuF

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

red-devil.no-ip.biz:5552

Mutex

e7968b08a6b9e96d942ee2d695696eb6

Attributes

reg_key
e7968b08a6b9e96d942ee2d695696eb6
splitter
|'|'|

Targets

- Target
  
  82969f80e4cb9e5574aa717d2e1879d227ea14c336a8ff9e34a1bab451e60eef
- Size
  
  23KB
- MD5
  
  69018a611e849afae70ccca22c33a880
- SHA1
  
  05495340b7803491c073673e610a74d3100ffcef
- SHA256
  
  82969f80e4cb9e5574aa717d2e1879d227ea14c336a8ff9e34a1bab451e60eef
- SHA512
  
  731103d2825c570962884a73448d39e6f239e12e6e23b242e0658516bb1364c86fe019563555f978ca61c8446daac050cbba57825fd2c0a3b834372e00cbe2f2
- SSDEEP
  
  384:8MK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZIT:vb9glF51LRpcnuF
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan