njrat | defc2be5b09b2c7d97542ee949a45e8d6dd9f825b520b94b7072c232fd019faa | Triage

Sharing

General

Target

defc2be5b09b2c7d97542ee949a45e8d6dd9f825b520b94b7072c232fd019faa
Size

94KB
Sample

221011-sv4zhabfd6
MD5

1532642cfbbdc83113103e7ba8648d60
SHA1

5265c113624dfdf493b90755676b43e88ef5dba1
SHA256

defc2be5b09b2c7d97542ee949a45e8d6dd9f825b520b94b7072c232fd019faa
SHA512

151fd57a10e5aacc12139bcf769e3218d05220ab926d0c91373b6f0c355cd99ab89fe5dd7f5d555e027255e6cb23c9ce826b6a63c1741b1b289376afab4d55a9
SSDEEP

1536:Muna95xsfR7SO3I9URXcgloB9fKGA7jWC45g3ASR3Uc1uof:Mua95SfR94GxcgaM7j74afEkrf

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  defc2be5b09b2c7d97542ee949a45e8d6dd9f825b520b94b7072c232fd019faa
- Size
  
  94KB
- MD5
  
  1532642cfbbdc83113103e7ba8648d60
- SHA1
  
  5265c113624dfdf493b90755676b43e88ef5dba1
- SHA256
  
  defc2be5b09b2c7d97542ee949a45e8d6dd9f825b520b94b7072c232fd019faa
- SHA512
  
  151fd57a10e5aacc12139bcf769e3218d05220ab926d0c91373b6f0c355cd99ab89fe5dd7f5d555e027255e6cb23c9ce826b6a63c1741b1b289376afab4d55a9
- SSDEEP
  
  1536:Muna95xsfR7SO3I9URXcgloB9fKGA7jWC45g3ASR3Uc1uof:Mua95SfR94GxcgaM7j74afEkrf
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan