njrat | 6e84440095fadd2385619f18d300b5e31cca9904f7485bc45c001d891d992e5d

General

Target

6e84440095fadd2385619f18d300b5e31cca9904f7485bc45c001d891d992e5d
Size

40KB
Sample

221123-lpl36sbh59
MD5

d0c18f032cb86b521a8c37ea7aed97a0
SHA1

8985d7d820f493b4411641848ae4a15c210a33d8
SHA256

6e84440095fadd2385619f18d300b5e31cca9904f7485bc45c001d891d992e5d
SHA512

0339f8a2813d5ec6240af569375100cbda44b730a5f4ab6d179a53d8efef7134e346df6cbb67abe97417f5d49920337f2107853043e5faddc222704c20f6cde9
SSDEEP

768:3QeeeSQPhpV+zPPzvkjZoVuGKhpX6dg+8TZLEfIHS4QCJZXhFNBCdBZ:heY+LzcOpNIeA1NBCjZ

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

nofacenoplace.no-ip.biz:9500

Mutex

04fa873389f4bb4b287527683daea520

Attributes

reg_key
04fa873389f4bb4b287527683daea520
splitter
|'|'|

Targets

- Target
  
  6e84440095fadd2385619f18d300b5e31cca9904f7485bc45c001d891d992e5d
- Size
  
  40KB
- MD5
  
  d0c18f032cb86b521a8c37ea7aed97a0
- SHA1
  
  8985d7d820f493b4411641848ae4a15c210a33d8
- SHA256
  
  6e84440095fadd2385619f18d300b5e31cca9904f7485bc45c001d891d992e5d
- SHA512
  
  0339f8a2813d5ec6240af569375100cbda44b730a5f4ab6d179a53d8efef7134e346df6cbb67abe97417f5d49920337f2107853043e5faddc222704c20f6cde9
- SSDEEP
  
  768:3QeeeSQPhpV+zPPzvkjZoVuGKhpX6dg+8TZLEfIHS4QCJZXhFNBCdBZ:heY+LzcOpNIeA1NBCjZ
Score

10^/10

njrat hacked trojan microsoft persistence phishing
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Checks computer location settings

Drops startup file

Adds Run key to start application

Detected potential entity reuse from brand microsoft.

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2