njrat | 9d15d34676bafac07b0e985be55deb963addd933d0c4f595c2b2ffbccb4bb7f3 | Triage

Sharing

General

Target

9d15d34676bafac07b0e985be55deb963addd933d0c4f595c2b2ffbccb4bb7f3
Size

249KB
Sample

221123-lm22lsfb9v
MD5

2517b2a262f7f57afd902da885ad21c0
SHA1

129177dd00e4a339852897e995fac3cbd6fd9f24
SHA256

9d15d34676bafac07b0e985be55deb963addd933d0c4f595c2b2ffbccb4bb7f3
SHA512

24e6b906b5a4cea65a8fbf26a3fc0ae3b73c4b9b04058419f01471624ccdc6b1e9fc645eeca576d94724ad52495d39c85412b7307934812f6f989cf6b45998a4
SSDEEP

6144:WZmu7oUcwk61Wj3UonUjvGV4dsk5Ge1nfiKsDizuS:WZ97Zh18UjuVvk5GuaKo

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  9d15d34676bafac07b0e985be55deb963addd933d0c4f595c2b2ffbccb4bb7f3
- Size
  
  249KB
- MD5
  
  2517b2a262f7f57afd902da885ad21c0
- SHA1
  
  129177dd00e4a339852897e995fac3cbd6fd9f24
- SHA256
  
  9d15d34676bafac07b0e985be55deb963addd933d0c4f595c2b2ffbccb4bb7f3
- SHA512
  
  24e6b906b5a4cea65a8fbf26a3fc0ae3b73c4b9b04058419f01471624ccdc6b1e9fc645eeca576d94724ad52495d39c85412b7307934812f6f989cf6b45998a4
- SSDEEP
  
  6144:WZmu7oUcwk61Wj3UonUjvGV4dsk5Ge1nfiKsDizuS:WZ97Zh18UjuVvk5GuaKo
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan