njrat | cd336c9e04d1f438b5a3249293d11772a0363a68a98f8a0f0b0a4d1bcfeaa77e | Triage

Sharing

General

Target

cd336c9e04d1f438b5a3249293d11772a0363a68a98f8a0f0b0a4d1bcfeaa77e
Size

33KB
Sample

221030-n7tl3saggm
MD5

83d45a3c15206c86e6f95943f26b5590
SHA1

c05c38a501f4a1da79ae13a124f77abfd18fae71
SHA256

cd336c9e04d1f438b5a3249293d11772a0363a68a98f8a0f0b0a4d1bcfeaa77e
SHA512

e6e7980cd3a44eb9dccd5dd4da3218c97f1c5ba20872785b25a10527621204b3ed326c9bdad4d791322356738bfb45d56dafbd4144f6466158a9d33e7fdd92bf
SSDEEP

384:GtetPbVS5/OcLmDqWPT+1o1NRgys+xOXPYwPIWrr3lXGV2xmzV777F7/m0N+GC4U:GWcYCW1VzxOfZPICWB73pxEvUOK0yC

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  cd336c9e04d1f438b5a3249293d11772a0363a68a98f8a0f0b0a4d1bcfeaa77e
- Size
  
  33KB
- MD5
  
  83d45a3c15206c86e6f95943f26b5590
- SHA1
  
  c05c38a501f4a1da79ae13a124f77abfd18fae71
- SHA256
  
  cd336c9e04d1f438b5a3249293d11772a0363a68a98f8a0f0b0a4d1bcfeaa77e
- SHA512
  
  e6e7980cd3a44eb9dccd5dd4da3218c97f1c5ba20872785b25a10527621204b3ed326c9bdad4d791322356738bfb45d56dafbd4144f6466158a9d33e7fdd92bf
- SSDEEP
  
  384:GtetPbVS5/OcLmDqWPT+1o1NRgys+xOXPYwPIWrr3lXGV2xmzV777F7/m0N+GC4U:GWcYCW1VzxOfZPICWB73pxEvUOK0yC
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan