njrat | debae7a2cd4c5cb4bd680dea8425b08111f75271b052fd9b4e5e600a60af41da | Triage

Sharing

General

Target

debae7a2cd4c5cb4bd680dea8425b08111f75271b052fd9b4e5e600a60af41da
Size

180KB
Sample

221123-p5geeada57
MD5

11efa16fe9bae5f57fa495a89e6ddb77
SHA1

1cb7a353fc406b78c74469308b3e78dc84d1a710
SHA256

debae7a2cd4c5cb4bd680dea8425b08111f75271b052fd9b4e5e600a60af41da
SHA512

b981e2698cec3dff6ac0a036f2ab1403e1bfc87bc96a5954716188449c88e5bc25a295afd4ed32ca354c5853c264dc614203178bf70b20a3419ee315fea26ed4
SSDEEP

3072:1BlaPGH28Sk8qnF0O3x+cKzc855bi/OtsRKdoar:1Bl8gmOBkc85s/wsRKdR

Score

10^/10

njrat arab money evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

ARAB MONEY

C2

munachim.linkpc.net:1608

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  debae7a2cd4c5cb4bd680dea8425b08111f75271b052fd9b4e5e600a60af41da
- Size
  
  180KB
- MD5
  
  11efa16fe9bae5f57fa495a89e6ddb77
- SHA1
  
  1cb7a353fc406b78c74469308b3e78dc84d1a710
- SHA256
  
  debae7a2cd4c5cb4bd680dea8425b08111f75271b052fd9b4e5e600a60af41da
- SHA512
  
  b981e2698cec3dff6ac0a036f2ab1403e1bfc87bc96a5954716188449c88e5bc25a295afd4ed32ca354c5853c264dc614203178bf70b20a3419ee315fea26ed4
- SSDEEP
  
  3072:1BlaPGH28Sk8qnF0O3x+cKzc855bi/OtsRKdoar:1Bl8gmOBkc85s/wsRKdR
Score

10^/10

njrat arab money evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratarab moneyevasionpersistencetrojan

behavioral2

njratarab moneyevasionpersistencetrojan