njrat | 844332bb0ce186ebc99222299600233f8d666cb07a29cbb6ed8b892cb2cad1a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

844332bb0ce186ebc99222299600233f8d666cb07a29cbb6ed8b892cb2cad1a2
Size

44KB
Sample

221011-wppjeaghbk
MD5

153dcd0e625490624c25349d8f533d40
SHA1

cd1e2d8447dc62011af02b4f2cc62c3fef974bde
SHA256

844332bb0ce186ebc99222299600233f8d666cb07a29cbb6ed8b892cb2cad1a2
SHA512

4573d2ec1837d6eceefd43db04622312ab21b985a14e025a48da94b7958e22f9f1c1ba17fa1bc6ca8fd1bab0f64c308e1c9d5a101687752cce44d1c0211c4b33
SSDEEP

768:fgGwN4wX8gcuYfm5njMxGaxEv6ZiRIcHe9yWOF6:ox6MYf0QGYESpj7OM

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

dodo654.no-ip.biz:2015

Mutex

d2c6385919c8311aa256fd6debafb1b2

Attributes

reg_key
d2c6385919c8311aa256fd6debafb1b2
splitter
|'|'|

Targets

- Target
  
  844332bb0ce186ebc99222299600233f8d666cb07a29cbb6ed8b892cb2cad1a2
- Size
  
  44KB
- MD5
  
  153dcd0e625490624c25349d8f533d40
- SHA1
  
  cd1e2d8447dc62011af02b4f2cc62c3fef974bde
- SHA256
  
  844332bb0ce186ebc99222299600233f8d666cb07a29cbb6ed8b892cb2cad1a2
- SHA512
  
  4573d2ec1837d6eceefd43db04622312ab21b985a14e025a48da94b7958e22f9f1c1ba17fa1bc6ca8fd1bab0f64c308e1c9d5a101687752cce44d1c0211c4b33
- SSDEEP
  
  768:fgGwN4wX8gcuYfm5njMxGaxEv6ZiRIcHe9yWOF6:ox6MYf0QGYESpj7OM
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedevasionpersistencetrojan