njrat | 2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960 | Triage

Sharing

General

Target

2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960
Size

28KB
Sample

221123-lnmnbabg85
MD5

3492d6c98dd85f9abcc6c34cf4491998
SHA1

212d4d385f72d7906e3ea7832e5c720dc392021f
SHA256

2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960
SHA512

bdfaf0e244355b12ffbf6e473a270d5247fbfb8b0960c1e478b866940956b8eb0088e9bc7699ecd0ada85b250224ba059c538618cf6f2ee4f6a8ffcfc8c66e31
SSDEEP

384:WCZ2hJl7tjrMSJIeURd545rCWmqDebDveoEGBsbh0w4wlAokw9OhgOL1vYRGOZzG:VM79MSJ07srcqETe6BKh0p29SgRj+t

Score

10^/10

njrat đǿsħka ħąĉķễr evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Đǿsħka ĦąĈķễr

C2

ahmad-rimawi1998.zapto.org:1188

Mutex

1ffcf52b0cd64d83554855bd6f04fc1f

Attributes

reg_key
1ffcf52b0cd64d83554855bd6f04fc1f
splitter
|'|'|

Targets

- Target
  
  2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960
- Size
  
  28KB
- MD5
  
  3492d6c98dd85f9abcc6c34cf4491998
- SHA1
  
  212d4d385f72d7906e3ea7832e5c720dc392021f
- SHA256
  
  2413b7f8b03acf212c1c9bd092dc8892d74885dc49e2d926d607618f203fa960
- SHA512
  
  bdfaf0e244355b12ffbf6e473a270d5247fbfb8b0960c1e478b866940956b8eb0088e9bc7699ecd0ada85b250224ba059c538618cf6f2ee4f6a8ffcfc8c66e31
- SSDEEP
  
  384:WCZ2hJl7tjrMSJIeURd545rCWmqDebDveoEGBsbh0w4wlAokw9OhgOL1vYRGOZzG:VM79MSJ07srcqETe6BKh0p29SgRj+t
Score

10^/10

njrat đǿsħka ħąĉķễr evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

đǿsħka ħąĉķễrnjrat

behavioral1

njratđǿsħka ħąĉķễrevasiontrojan

behavioral2

njratđǿsħka ħąĉķễrtrojan