njrat | c3979a46ce3c67248d5423faca1f686604c44c443931d673d48b4375c29f327d | Triage

Sharing

General

Target

c3979a46ce3c67248d5423faca1f686604c44c443931d673d48b4375c29f327d
Size

80KB
Sample

221019-1mzzkshhf2
MD5

828172a3ff048806faaf617afcc30760
SHA1

cb05a78d65a40cf0290493b85dbc6e389b47ba7e
SHA256

c3979a46ce3c67248d5423faca1f686604c44c443931d673d48b4375c29f327d
SHA512

4fca596aa7e4536abcbc7749dcecc1517da3b9dc6d6e658e9fa412b2222d6f29ec3f5f40bfafc1dd367bb8e4bf72d521228d3573a5b239e1a2183ae5c3feaf2b
SSDEEP

1536:LLBdSTGw6mWXphu7ZX0h7TyL40Sg8/S7YcjpnvtlZ9+:L14G3mMYX+KSB/WDjVZ9+

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  c3979a46ce3c67248d5423faca1f686604c44c443931d673d48b4375c29f327d
- Size
  
  80KB
- MD5
  
  828172a3ff048806faaf617afcc30760
- SHA1
  
  cb05a78d65a40cf0290493b85dbc6e389b47ba7e
- SHA256
  
  c3979a46ce3c67248d5423faca1f686604c44c443931d673d48b4375c29f327d
- SHA512
  
  4fca596aa7e4536abcbc7749dcecc1517da3b9dc6d6e658e9fa412b2222d6f29ec3f5f40bfafc1dd367bb8e4bf72d521228d3573a5b239e1a2183ae5c3feaf2b
- SSDEEP
  
  1536:LLBdSTGw6mWXphu7ZX0h7TyL40Sg8/S7YcjpnvtlZ9+:L14G3mMYX+KSB/WDjVZ9+
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan