njrat | 9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d | Triage

Sharing

General

Target

9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d
Size

23KB
Sample

221121-29wq4see91
MD5

f04fc64cbea25002a9bd5ddcd260d06f
SHA1

8af7051594408b726616015bfac42f35017ad227
SHA256

9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d
SHA512

28f28a55307fe71ccd5a131e1fa92fbf0b6b8757bab7442245e93fbf7153c1e83b33ea3bdcd47b1d55da142f713f707d0fd95fa607ab2ed19ab8e2edc7a5ff16
SSDEEP

384:rYmdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZGJU:UwWkti/aeRpcnuG

Score

10^/10

njrat vectim's ahmed evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Vectim's ahmed

C2

jihed2013.zapto.org:1177

Mutex

e10d37000e740cdb48fa883045c507b4

Attributes

reg_key
e10d37000e740cdb48fa883045c507b4
splitter
|'|'|

Targets

- Target
  
  9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d
- Size
  
  23KB
- MD5
  
  f04fc64cbea25002a9bd5ddcd260d06f
- SHA1
  
  8af7051594408b726616015bfac42f35017ad227
- SHA256
  
  9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d
- SHA512
  
  28f28a55307fe71ccd5a131e1fa92fbf0b6b8757bab7442245e93fbf7153c1e83b33ea3bdcd47b1d55da142f713f707d0fd95fa607ab2ed19ab8e2edc7a5ff16
- SSDEEP
  
  384:rYmdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZGJU:UwWkti/aeRpcnuG
Score

10^/10

njrat vectim's ahmed evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vectim's ahmednjrat

behavioral1

njratvectim's ahmedevasionpersistencetrojan

behavioral2

njratvectim's ahmedevasionpersistencetrojan