njrat | fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4 | Triage

Sharing

General

Target

fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4
Size

131KB
Sample

221030-h27c4aghe2
MD5

93c3392b91669a01cceb599296c3c2b0
SHA1

fbe8bae801d725dc2d40ce680e14f5b34a5737be
SHA256

fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4
SHA512

ef4b685c6c75f4f68c49a5ee119576cdec7b4a5abba61d2bca333be18225ac08da6ca8edf91e1bd5fd0fbede4b10b688b53b98a5b26bed7639a71a0a1332a610
SSDEEP

3072:O/fCCPsG9etK87u1JdYVU10PIutREBO9qYDHa4rCcBM2v:OjP2KEhUWPIuPEOAYD64xf

Score

10^/10

njrat yahoo evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

yahoo

C2

127.0.0.1:5552

Mutex

c20dc55207710c29d1db3ad3160138a1

Attributes

reg_key
c20dc55207710c29d1db3ad3160138a1
splitter
|'|'|

Targets

- Target
  
  fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4
- Size
  
  131KB
- MD5
  
  93c3392b91669a01cceb599296c3c2b0
- SHA1
  
  fbe8bae801d725dc2d40ce680e14f5b34a5737be
- SHA256
  
  fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4
- SHA512
  
  ef4b685c6c75f4f68c49a5ee119576cdec7b4a5abba61d2bca333be18225ac08da6ca8edf91e1bd5fd0fbede4b10b688b53b98a5b26bed7639a71a0a1332a610
- SSDEEP
  
  3072:O/fCCPsG9etK87u1JdYVU10PIutREBO9qYDHa4rCcBM2v:OjP2KEhUWPIuPEOAYD64xf
Score

10^/10

njrat yahoo evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratyahooevasiontrojan

behavioral2