njrat | 7a138b35ceebce064755c3f664f8f51df0dbf8a93cdff37b94ba6df3f128bd63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a138b35ceebce064755c3f664f8f51df0dbf8a93cdff37b94ba6df3f128bd63
Size

23KB
Sample

221014-l7pl1safd9
MD5

740cb7a3651824d24a44bc6b16872f20
SHA1

d2099eb62aef61b95ee0d7f2073a9cc324869967
SHA256

7a138b35ceebce064755c3f664f8f51df0dbf8a93cdff37b94ba6df3f128bd63
SHA512

87c9f16adb71aa0b9a4661506e85bb63d0f621e3c8e83ae54692558755f647f9fa6aa0dc298e39747e6cc5cd37fc36d99d53de8a2b9488f501572b45b2041fff
SSDEEP

384:v8aZYC9twBNdcvFaly2H0dbJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZH9x:jY+sNKqNHnSdRpcnu43

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

ehab123.no-ip.biz:1177

Mutex

df9c15696cd4c733783b209b98d1e3f3

Attributes

reg_key
df9c15696cd4c733783b209b98d1e3f3
splitter
|'|'|

Targets

- Target
  
  7a138b35ceebce064755c3f664f8f51df0dbf8a93cdff37b94ba6df3f128bd63
- Size
  
  23KB
- MD5
  
  740cb7a3651824d24a44bc6b16872f20
- SHA1
  
  d2099eb62aef61b95ee0d7f2073a9cc324869967
- SHA256
  
  7a138b35ceebce064755c3f664f8f51df0dbf8a93cdff37b94ba6df3f128bd63
- SHA512
  
  87c9f16adb71aa0b9a4661506e85bb63d0f621e3c8e83ae54692558755f647f9fa6aa0dc298e39747e6cc5cd37fc36d99d53de8a2b9488f501572b45b2041fff
- SSDEEP
  
  384:v8aZYC9twBNdcvFaly2H0dbJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZH9x:jY+sNKqNHnSdRpcnu43
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan