njrat | fff7d5f26c4357c5f731b0174b542b40d48265dac20d387993be6e708950a477 | Triage

Sharing

General

Target

fff7d5f26c4357c5f731b0174b542b40d48265dac20d387993be6e708950a477
Size

22KB
Sample

221123-pr8lqsca86
MD5

065150088150b601763bf6eb32529efd
SHA1

5e28035fff3f76c5cb753748006653f88f888cad
SHA256

fff7d5f26c4357c5f731b0174b542b40d48265dac20d387993be6e708950a477
SHA512

acaae4845b207be7f319da13d0f95af7ad374a56587ea35e8c4181c47a7e8eb46407b2364104a8a01c8f3dd2e60aaa5eeaf1069fa85df6dfc9c187c7b4d22488
SSDEEP

384:4sqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5D8mRvR6JZlbw8hqIusZzZRFz:vf65K2Yf1jlRpcnuU

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

ebo000000.ddns.net:5553

Mutex

a4458faf28727c8f585dd4dc76455384

Attributes

reg_key
a4458faf28727c8f585dd4dc76455384
splitter
|'|'|

Targets

- Target
  
  fff7d5f26c4357c5f731b0174b542b40d48265dac20d387993be6e708950a477
- Size
  
  22KB
- MD5
  
  065150088150b601763bf6eb32529efd
- SHA1
  
  5e28035fff3f76c5cb753748006653f88f888cad
- SHA256
  
  fff7d5f26c4357c5f731b0174b542b40d48265dac20d387993be6e708950a477
- SHA512
  
  acaae4845b207be7f319da13d0f95af7ad374a56587ea35e8c4181c47a7e8eb46407b2364104a8a01c8f3dd2e60aaa5eeaf1069fa85df6dfc9c187c7b4d22488
- SSDEEP
  
  384:4sqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5D8mRvR6JZlbw8hqIusZzZRFz:vf65K2Yf1jlRpcnuU
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan