njrat | afa9db006091e98d6791d20c5cec1d0dd86e16d228d9dbd160809f605a906a1d | Triage

Sharing

General

Target

afa9db006091e98d6791d20c5cec1d0dd86e16d228d9dbd160809f605a906a1d
Size

145KB
Sample

221123-qmjmgsec98
MD5

7afa4aaa5a91b205c95473889efa938f
SHA1

cc02d61e647552800ad670ec90d174a9942f0860
SHA256

afa9db006091e98d6791d20c5cec1d0dd86e16d228d9dbd160809f605a906a1d
SHA512

4e1c3c38383bc19bceed0b033f541ce6573e55cfc4dd2e5081030d25a8a0ed8150622eb8cf1837f095c09b3a0c3916e76842ee6ad6aa1299bcf9d04f04b6a43e
SSDEEP

3072:IJMTHqUmzLu4880icz8VMt5cRDmNlQwKOzoaqTmY6AvL:YMuUWLj88mz8MtSGRxwy

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  afa9db006091e98d6791d20c5cec1d0dd86e16d228d9dbd160809f605a906a1d
- Size
  
  145KB
- MD5
  
  7afa4aaa5a91b205c95473889efa938f
- SHA1
  
  cc02d61e647552800ad670ec90d174a9942f0860
- SHA256
  
  afa9db006091e98d6791d20c5cec1d0dd86e16d228d9dbd160809f605a906a1d
- SHA512
  
  4e1c3c38383bc19bceed0b033f541ce6573e55cfc4dd2e5081030d25a8a0ed8150622eb8cf1837f095c09b3a0c3916e76842ee6ad6aa1299bcf9d04f04b6a43e
- SSDEEP
  
  3072:IJMTHqUmzLu4880icz8VMt5cRDmNlQwKOzoaqTmY6AvL:YMuUWLj88mz8MtSGRxwy
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan