njrat | 3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6 | Triage

Sharing

General

Target

3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6
Size

61KB
Sample

221123-lm1tjsfb9s
MD5

7de96407cfc936824dfe56e9d8ae8de4
SHA1

277d62d7bc00b49e331c6eb92632434ff167bf4c
SHA256

3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6
SHA512

062f2d2e71ccc38cd3d7804f57f020a4c298981a3d2416244816616d184109abe2866ab00e55a895e2e754d3045945c593ba94d6a805c1de41d7d0bba0436617
SSDEEP

768:sgR3hPtQhtOKMUJaUPhzpjL3nxgKBf+iAFscscGAy9vHHgOXFjGHnUQ/o:sgX6h8JUJaGvxb2spjZHgO1jR

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

kirkukihama.no-ip.biz:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6
- Size
  
  61KB
- MD5
  
  7de96407cfc936824dfe56e9d8ae8de4
- SHA1
  
  277d62d7bc00b49e331c6eb92632434ff167bf4c
- SHA256
  
  3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6
- SHA512
  
  062f2d2e71ccc38cd3d7804f57f020a4c298981a3d2416244816616d184109abe2866ab00e55a895e2e754d3045945c593ba94d6a805c1de41d7d0bba0436617
- SSDEEP
  
  768:sgR3hPtQhtOKMUJaUPhzpjL3nxgKBf+iAFscscGAy9vHHgOXFjGHnUQ/o:sgX6h8JUJaGvxb2spjZHgO1jR
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedtrojan