njrat | 7abdd9234b2902341641be64578f4009a4a9cc1f1d382746cf21929ec5ea1c72 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7abdd9234b2902341641be64578f4009a4a9cc1f1d382746cf21929ec5ea1c72
Size

198KB
Sample

221030-j3whnaaga5
MD5

84684b1f696f89be5ac6b558b6780ec0
SHA1

57582c357f838c0dcc55870fdcddcdf6574d3540
SHA256

7abdd9234b2902341641be64578f4009a4a9cc1f1d382746cf21929ec5ea1c72
SHA512

eaa7a5f452d7dcab42da432f922125912f31970914cdc4c1f139d488cbdef8c3f8165a8a78a756fc3158a374ef3a8ea7eca7a50b7ee3180479cefc127b8e3788
SSDEEP

3072:4Svdg5SlA7CT0gm9L1ANLYD39WvHKyXOsRoJQVE4JZbqIv5KkfEr8ba6HKCb:42iSlA7fp70GWvqy+yO6E4J

Score

10^/10

njrat hitler dar g3l evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hitler Dar g3l

C2

Hitler-2015.no-ip.info:5552

Mutex

f76a96a8a7719521d766507bb0556fcc

Attributes

reg_key
f76a96a8a7719521d766507bb0556fcc
splitter
|'|'|

Targets

- Target
  
  7abdd9234b2902341641be64578f4009a4a9cc1f1d382746cf21929ec5ea1c72
- Size
  
  198KB
- MD5
  
  84684b1f696f89be5ac6b558b6780ec0
- SHA1
  
  57582c357f838c0dcc55870fdcddcdf6574d3540
- SHA256
  
  7abdd9234b2902341641be64578f4009a4a9cc1f1d382746cf21929ec5ea1c72
- SHA512
  
  eaa7a5f452d7dcab42da432f922125912f31970914cdc4c1f139d488cbdef8c3f8165a8a78a756fc3158a374ef3a8ea7eca7a50b7ee3180479cefc127b8e3788
- SSDEEP
  
  3072:4Svdg5SlA7CT0gm9L1ANLYD39WvHKyXOsRoJQVE4JZbqIv5KkfEr8ba6HKCb:42iSlA7fp70GWvqy+yO6E4J
Score

10^/10

njrat hitler dar g3l evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathitler dar g3levasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan