njrat | 4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871 | Triage

Sharing

General

Target

4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871
Size

148KB
Sample

221106-d69lssddcq
MD5

038f46069d0a4f29ab44b7c766a173f0
SHA1

b066930a925f89d6a5da9b1cee4c806ff3c3119c
SHA256

4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871
SHA512

78cb743db6f324485234b0a82fb00ae2fbd5aa7375d9777b9897e57a0df82b0be14bc5b4d1e8a9ab265249c6dde9dec247a4b5f1fc71e6010f6881eaa25e5ca5
SSDEEP

3072:iUu32GhNvBO9qCDtLoosE/WIgU1/B65wYEPv6ANSzlWA9hFDZqz:iU82GhNpC2J47Z1/UeNNSzz5q

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

f974a60849f958b913754e5bb1f5dfce

Attributes

reg_key
f974a60849f958b913754e5bb1f5dfce
splitter
|'|'|

Targets

- Target
  
  4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871
- Size
  
  148KB
- MD5
  
  038f46069d0a4f29ab44b7c766a173f0
- SHA1
  
  b066930a925f89d6a5da9b1cee4c806ff3c3119c
- SHA256
  
  4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871
- SHA512
  
  78cb743db6f324485234b0a82fb00ae2fbd5aa7375d9777b9897e57a0df82b0be14bc5b4d1e8a9ab265249c6dde9dec247a4b5f1fc71e6010f6881eaa25e5ca5
- SSDEEP
  
  3072:iUu32GhNvBO9qCDtLoosE/WIgU1/B65wYEPv6ANSzlWA9hFDZqz:iU82GhNpC2J47Z1/UeNNSzz5q
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedtrojan