njrat | 85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101 | Triage

Sharing

General

Target

85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
Size

56KB
Sample

221123-q3mn3sae9t
MD5

6ec722039c95fda117a7a8e37057c689
SHA1

924187760a08fe76aca2c83d222009f4310a9736
SHA256

85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
SHA512

4d3e947a4a7ba7306ca14dcf0c071d1ee7d7526e7fefe5f2179626ca97d781d94f7c8207a142d6e00d43d0975abbc67ebd4817360033c04a4e3e23e0ef359b2a
SSDEEP

768:G/sgxcAtCL90oWAktUOqWTRHV/oZkTXyxnPurcrxT/fnF+l7R5sTgbOluT:cxc6CLeoWA5ZWTRHCZkOtzfstRe+OlO

Score

10^/10

njrat us account evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

US ACCOUNT

C2

212.7.208.123:6020

Mutex

93f19dda2412c86ad7520ba4198f39a0

Attributes

reg_key
93f19dda2412c86ad7520ba4198f39a0
splitter
|'|'|

Targets

- Target
  
  85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
- Size
  
  56KB
- MD5
  
  6ec722039c95fda117a7a8e37057c689
- SHA1
  
  924187760a08fe76aca2c83d222009f4310a9736
- SHA256
  
  85eb70322648b91b6731ae31fefd7307bf1243d5076a0312367461b57d4ea101
- SHA512
  
  4d3e947a4a7ba7306ca14dcf0c071d1ee7d7526e7fefe5f2179626ca97d781d94f7c8207a142d6e00d43d0975abbc67ebd4817360033c04a4e3e23e0ef359b2a
- SSDEEP
  
  768:G/sgxcAtCL90oWAktUOqWTRHV/oZkTXyxnPurcrxT/fnF+l7R5sTgbOluT:cxc6CLeoWA5ZWTRHCZkOtzfstRe+OlO
Score

10^/10

njrat us account evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratus accountevasionpersistencetrojan

behavioral2

njratus accountevasionpersistencetrojan