njrat | d748d6a023d67f97f954a7caf218533dabb87faf846f6726e83516c553bceaa5 | Triage

Sharing

General

Target

d748d6a023d67f97f954a7caf218533dabb87faf846f6726e83516c553bceaa5
Size

30KB
Sample

221123-s8h9ysdc75
MD5

4a1f729ab449aebf18a7c07caf2ce9bd
SHA1

d5a4c754fa7cde06af3e229fb6077c95d1dfc04c
SHA256

d748d6a023d67f97f954a7caf218533dabb87faf846f6726e83516c553bceaa5
SHA512

c812e4fb7c7a420493f9f375cdd8cf608e63f4caa80e44682945bb8370a72e3ccffd7f5869e8ff7be0889f492f7eadb829a78e80cb86da6fa9bca3165837c172
SSDEEP

384:agaFCtl7Dh+oqIqEtl5rBGAiumqDUtDe4qGBsbh0w4wlAokw9OhgOL1vYRGOZzJ1:aC74oqIjjLGAcqoDeABKh0p29SgRhsH

Score

10^/10

njrat hacked by gmayka evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HackeD By Gmayka

C2

ramyok.no-ip.biz:1177

Mutex

af029b7100cbb27d8c0472b97315e8d5

Attributes

reg_key
af029b7100cbb27d8c0472b97315e8d5
splitter
|'|'|

Targets

- Target
  
  d748d6a023d67f97f954a7caf218533dabb87faf846f6726e83516c553bceaa5
- Size
  
  30KB
- MD5
  
  4a1f729ab449aebf18a7c07caf2ce9bd
- SHA1
  
  d5a4c754fa7cde06af3e229fb6077c95d1dfc04c
- SHA256
  
  d748d6a023d67f97f954a7caf218533dabb87faf846f6726e83516c553bceaa5
- SHA512
  
  c812e4fb7c7a420493f9f375cdd8cf608e63f4caa80e44682945bb8370a72e3ccffd7f5869e8ff7be0889f492f7eadb829a78e80cb86da6fa9bca3165837c172
- SSDEEP
  
  384:agaFCtl7Dh+oqIqEtl5rBGAiumqDUtDe4qGBsbh0w4wlAokw9OhgOL1vYRGOZzJ1:aC74oqIjjLGAcqoDeABKh0p29SgRhsH
Score

10^/10

njrat hacked by gmayka evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hacked by gmaykanjrat

behavioral1

njrathacked by gmaykaevasionpersistencetrojan

behavioral2

njrathacked by gmaykaevasionpersistencetrojan