njrat | 4099691b6923caf26f04c475c83d2eabbee3167061cb9d683c67cf36e63b31a9 | Triage

Sharing

General

Target

2f79aaf512689c9403db74af2edb79ac.exe
Size

484KB
Sample

221123-1ml3qaff65
MD5

2f79aaf512689c9403db74af2edb79ac
SHA1

63f197e4139dafa86daa135e910cebb5c515d196
SHA256

4099691b6923caf26f04c475c83d2eabbee3167061cb9d683c67cf36e63b31a9
SHA512

dbcf00436f34a71da3b44ecf16647ffbfb99d307bf7975abacc8c640f78e5a4ec55c014380d626529ef94ae557e01a9f685e3aba9c660e4d02faf38e21a71850
SSDEEP

6144:x/iQb+ckQsH8TDRGKJkSvGUlYG2VT+tr08yZPzkLQsJVQc1VTNN2HMDgtHxyPw5:oQnk3GDYKGcblMT+tr08yZwL1p8Hx+w5

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.ngrok.io:15907

Mutex

55beb0adf3929af15490d2dcbd04f397

Attributes

reg_key
55beb0adf3929af15490d2dcbd04f397
splitter
|'|'|

Targets

- Target
  
  2f79aaf512689c9403db74af2edb79ac.exe
- Size
  
  484KB
- MD5
  
  2f79aaf512689c9403db74af2edb79ac
- SHA1
  
  63f197e4139dafa86daa135e910cebb5c515d196
- SHA256
  
  4099691b6923caf26f04c475c83d2eabbee3167061cb9d683c67cf36e63b31a9
- SHA512
  
  dbcf00436f34a71da3b44ecf16647ffbfb99d307bf7975abacc8c640f78e5a4ec55c014380d626529ef94ae557e01a9f685e3aba9c660e4d02faf38e21a71850
- SSDEEP
  
  6144:x/iQb+ckQsH8TDRGKJkSvGUlYG2VT+tr08yZPzkLQsJVQc1VTNN2HMDgtHxyPw5:oQnk3GDYKGcblMT+tr08yZwL1p8Hx+w5
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan