njrat | ca6b84df7841a08e35869a4cdd96acd30399b03f508d3672b41a13bb396f37aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca6b84df7841a08e35869a4cdd96acd30399b03f508d3672b41a13bb396f37aa
Size

31KB
Sample

221121-28s9labb25
MD5

60232e8e9414a762af4d531c56b9d78c
SHA1

97d847407f714277587daa41dd13dbc6bda9556f
SHA256

ca6b84df7841a08e35869a4cdd96acd30399b03f508d3672b41a13bb396f37aa
SHA512

ce2c7f99acf1ba84d48adc1c3f3eb171c44262ecf0d3fde3617d3db58aac6817fc51e21880ff013905044cc6775e078d99d02b1527163db1cebefeec1540596d
SSDEEP

768:YZ7nMsanzR+2cqEDveyBKh0p29SgRXwy:W7nSQtD7KhG29jXw

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

srsrytop52.no-ip.org:1177

Mutex

b5e1a09cd48d2dc8fb55d831499d952b

Attributes

reg_key
b5e1a09cd48d2dc8fb55d831499d952b
splitter
|'|'|

Targets

- Target
  
  ca6b84df7841a08e35869a4cdd96acd30399b03f508d3672b41a13bb396f37aa
- Size
  
  31KB
- MD5
  
  60232e8e9414a762af4d531c56b9d78c
- SHA1
  
  97d847407f714277587daa41dd13dbc6bda9556f
- SHA256
  
  ca6b84df7841a08e35869a4cdd96acd30399b03f508d3672b41a13bb396f37aa
- SHA512
  
  ce2c7f99acf1ba84d48adc1c3f3eb171c44262ecf0d3fde3617d3db58aac6817fc51e21880ff013905044cc6775e078d99d02b1527163db1cebefeec1540596d
- SSDEEP
  
  768:YZ7nMsanzR+2cqEDveyBKh0p29SgRXwy:W7nSQtD7KhG29jXw
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan