njrat | b0ca0c818554939b2e8043c4605298f8f2ab0071cafddaf36d6a08684f5a2d02 | Triage

Sharing

General

Target

b0ca0c818554939b2e8043c4605298f8f2ab0071cafddaf36d6a08684f5a2d02
Size

759KB
Sample

221107-gank8sdbbj
MD5

02cf06a70cf46b0c7a09db8531bebb50
SHA1

f6e7407628eb18ae391a44396e7e1993dd28e2ce
SHA256

b0ca0c818554939b2e8043c4605298f8f2ab0071cafddaf36d6a08684f5a2d02
SHA512

53d1ac6f87b16cc377909f53d2f5fd691476e8f896b7307eda5e118239a5116c150f11a0746a7ea103edcfeb2ff934aa8d6977eca862e2735a7d4403ccb8e7da
SSDEEP

12288:O1dlZo5y/RjeQE0A5U/ZvUzTdJCJ5/rcIpwOGSgO8AtmuasL/OeTk2CcpqItSPBS:O1dlZo5YRCQE9U/hUlw7n6SB/OrYqI8Y

Score

10^/10

njrat fucked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

FUcKed

C2

nigro02.no-ip.info:1177

Mutex

8b6c724afb458a51b8bbc1984d95f348

Attributes

reg_key
8b6c724afb458a51b8bbc1984d95f348
splitter
|'|'|

Targets

- Target
  
  b0ca0c818554939b2e8043c4605298f8f2ab0071cafddaf36d6a08684f5a2d02
- Size
  
  759KB
- MD5
  
  02cf06a70cf46b0c7a09db8531bebb50
- SHA1
  
  f6e7407628eb18ae391a44396e7e1993dd28e2ce
- SHA256
  
  b0ca0c818554939b2e8043c4605298f8f2ab0071cafddaf36d6a08684f5a2d02
- SHA512
  
  53d1ac6f87b16cc377909f53d2f5fd691476e8f896b7307eda5e118239a5116c150f11a0746a7ea103edcfeb2ff934aa8d6977eca862e2735a7d4403ccb8e7da
- SSDEEP
  
  12288:O1dlZo5y/RjeQE0A5U/ZvUzTdJCJ5/rcIpwOGSgO8AtmuasL/OeTk2CcpqItSPBS:O1dlZo5YRCQE9U/hUlw7n6SB/OrYqI8Y
Score

10^/10

njrat fucked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratfuckedevasionpersistencetrojan

behavioral2

evasionpersistence