njrat | 8e89bfc3381d4c122767c66799c5502e62b998cd229a4f03eccbc1d845960308 | Triage

Sharing

General

Target

8e89bfc3381d4c122767c66799c5502e62b998cd229a4f03eccbc1d845960308
Size

23KB
Sample

221003-trzfaaedg9
MD5

6a49d3f2f3d0d192dede1fedcdb86870
SHA1

ded1f9fa0bcdd670e3277f51596d612672355e29
SHA256

8e89bfc3381d4c122767c66799c5502e62b998cd229a4f03eccbc1d845960308
SHA512

80e80e2da91f201df3f48ec656b5f332ce194749f57c20f5f79e5785dc4c1c76494290e9b2c119b79ca53031851d6e588476a1e5d1808f58f9b3835e14358ceb
SSDEEP

384:BQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZl/:W5yBVd7Rpcnui

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

kingshacking.zapto.org:81

Mutex

ddba3ff35ad40cfacb2b222b7c8bc6a1

Attributes

reg_key
ddba3ff35ad40cfacb2b222b7c8bc6a1
splitter
|'|'|

Targets

- Target
  
  8e89bfc3381d4c122767c66799c5502e62b998cd229a4f03eccbc1d845960308
- Size
  
  23KB
- MD5
  
  6a49d3f2f3d0d192dede1fedcdb86870
- SHA1
  
  ded1f9fa0bcdd670e3277f51596d612672355e29
- SHA256
  
  8e89bfc3381d4c122767c66799c5502e62b998cd229a4f03eccbc1d845960308
- SHA512
  
  80e80e2da91f201df3f48ec656b5f332ce194749f57c20f5f79e5785dc4c1c76494290e9b2c119b79ca53031851d6e588476a1e5d1808f58f9b3835e14358ceb
- SSDEEP
  
  384:BQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZl/:W5yBVd7Rpcnui
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan