njrat | cf1f1c157b06c1cc0afaa7a95d3e7dbe3cc0b0d397ade6ae869037a7d77c4896 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf1f1c157b06c1cc0afaa7a95d3e7dbe3cc0b0d397ade6ae869037a7d77c4896
Size

23KB
Sample

221019-1h3vnshgbr
MD5

8243fec6306dca0a09063f510c7667d0
SHA1

6f6b8cf1cd64e80a9ac2b809fd7e90a898746a03
SHA256

cf1f1c157b06c1cc0afaa7a95d3e7dbe3cc0b0d397ade6ae869037a7d77c4896
SHA512

70c7a68fe8fde6b29796dde74ffcbdf393cdeb7e39a4fb99154d27e52dcdc51cfd99c19ec520ade1933de3b4715915a9b1d42aca3b31715ed342c8ff9d987fd0
SSDEEP

384:eMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZ1s:pb9glF51LRpcnuZ

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

amine12345.ddns.net:1177

Mutex

86f6e41e7c5fffd8acc8024113ffe731

Attributes

reg_key
86f6e41e7c5fffd8acc8024113ffe731
splitter
|'|'|

Targets

- Target
  
  cf1f1c157b06c1cc0afaa7a95d3e7dbe3cc0b0d397ade6ae869037a7d77c4896
- Size
  
  23KB
- MD5
  
  8243fec6306dca0a09063f510c7667d0
- SHA1
  
  6f6b8cf1cd64e80a9ac2b809fd7e90a898746a03
- SHA256
  
  cf1f1c157b06c1cc0afaa7a95d3e7dbe3cc0b0d397ade6ae869037a7d77c4896
- SHA512
  
  70c7a68fe8fde6b29796dde74ffcbdf393cdeb7e39a4fb99154d27e52dcdc51cfd99c19ec520ade1933de3b4715915a9b1d42aca3b31715ed342c8ff9d987fd0
- SSDEEP
  
  384:eMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZ1s:pb9glF51LRpcnuZ
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan