njrat | 0b6d2b4bf74a0048a6d821df552c051e057b0da06e1fab32135aa69a48d767c3 | Triage

Sharing

General

Target

0b6d2b4bf74a0048a6d821df552c051e057b0da06e1fab32135aa69a48d767c3
Size

23KB
Sample

221123-lnq1qsfc4w
MD5

f38eeb8a929f0c74c244d08f4f8a18c0
SHA1

d42402a74afe51da9382ce886480e2ffa13d6b9e
SHA256

0b6d2b4bf74a0048a6d821df552c051e057b0da06e1fab32135aa69a48d767c3
SHA512

b18ecfcc8dee4c72f464622df142044281bb1f310ee4606d9cb45c090db496e5342dd94fb554f7bda7ddba6e11acdc005a0e581673eddf6e541973646bfb8c68
SSDEEP

384:MMQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZ7Fm:yOaxVULRpcnu7

Score

10^/10

njrat fazhakerdz evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fazhakerdz

C2

fazoro25.ddns.net:5553

Mutex

e8c5bf93b369a6542ba3616799921a9d

Attributes

reg_key
e8c5bf93b369a6542ba3616799921a9d
splitter
|'|'|

Targets

- Target
  
  0b6d2b4bf74a0048a6d821df552c051e057b0da06e1fab32135aa69a48d767c3
- Size
  
  23KB
- MD5
  
  f38eeb8a929f0c74c244d08f4f8a18c0
- SHA1
  
  d42402a74afe51da9382ce886480e2ffa13d6b9e
- SHA256
  
  0b6d2b4bf74a0048a6d821df552c051e057b0da06e1fab32135aa69a48d767c3
- SHA512
  
  b18ecfcc8dee4c72f464622df142044281bb1f310ee4606d9cb45c090db496e5342dd94fb554f7bda7ddba6e11acdc005a0e581673eddf6e541973646bfb8c68
- SSDEEP
  
  384:MMQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZ7Fm:yOaxVULRpcnu7
Score

10^/10

njrat fazhakerdz evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fazhakerdznjrat

behavioral1

njratfazhakerdzevasionpersistencetrojan

behavioral2

njratfazhakerdzevasionpersistencetrojan