njrat | c16377a25b5e9888be5e7c46663a01a6f361fc0c70ba1b9e538805952490b9bc | Triage

Sharing

General

Target

c16377a25b5e9888be5e7c46663a01a6f361fc0c70ba1b9e538805952490b9bc
Size

44KB
Sample

221123-mp84daef86
MD5

d2b8a106c29dac903ad8ebeb5fc84f6f
SHA1

5b4fe7cd5a6444eaee074d214cfd0ed712d46b3c
SHA256

c16377a25b5e9888be5e7c46663a01a6f361fc0c70ba1b9e538805952490b9bc
SHA512

596ca15887de0cec578609bf966149057dceda5edf732cb9f788536c28a2130d757909e459f0f2f1d3160e632d6431bf5c7a41ee6a2dcbcb8b6bb7a755ffbb04
SSDEEP

768:YHPOFt6gtzDFHZiS1v+yBzrBQJRriq+9Q:uWUylr1vh3BQJRez9Q

Score

10^/10

njrat hacker 8 evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HaCkEr 8

C2

xxx99.zapto.org:88

Mutex

a3d748392c83eb40cc2f4a5e2518c816

Attributes

reg_key
a3d748392c83eb40cc2f4a5e2518c816
splitter
|'|'|

Targets

- Target
  
  c16377a25b5e9888be5e7c46663a01a6f361fc0c70ba1b9e538805952490b9bc
- Size
  
  44KB
- MD5
  
  d2b8a106c29dac903ad8ebeb5fc84f6f
- SHA1
  
  5b4fe7cd5a6444eaee074d214cfd0ed712d46b3c
- SHA256
  
  c16377a25b5e9888be5e7c46663a01a6f361fc0c70ba1b9e538805952490b9bc
- SHA512
  
  596ca15887de0cec578609bf966149057dceda5edf732cb9f788536c28a2130d757909e459f0f2f1d3160e632d6431bf5c7a41ee6a2dcbcb8b6bb7a755ffbb04
- SSDEEP
  
  768:YHPOFt6gtzDFHZiS1v+yBzrBQJRriq+9Q:uWUylr1vh3BQJRez9Q
Score

10^/10

njrat hacker 8 evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacker 8evasiontrojan

behavioral2

njrathacker 8evasiontrojan