njrat | abdd5a9c8d0ebce3064c11608b96b99194ff9d0e53322fcd557f35f832c3d76e | Triage

Sharing

General

Target

abdd5a9c8d0ebce3064c11608b96b99194ff9d0e53322fcd557f35f832c3d76e
Size

23KB
Sample

221123-s9de4add43
MD5

174dbc902fdc8d1b3cf8473015aeae85
SHA1

e99d3c3cc51c5987d0f5e1d12d156d0247c1ffec
SHA256

abdd5a9c8d0ebce3064c11608b96b99194ff9d0e53322fcd557f35f832c3d76e
SHA512

880f7ad0c6ba91dd4cb100f3b03653d09193f126c8f78b6d7e051611ef04cbd5d2cd0b5006b172dfcef2e3dd4150c41daf707634e1fbbfdfed40737c3258813c
SSDEEP

384:2LQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZnf:2s5yBVd7RpcnuQ

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

soultaker1.ddns.net:1177

Mutex

959bf97e0a59564fda4dd890fa915788

Attributes

reg_key
959bf97e0a59564fda4dd890fa915788
splitter
|'|'|

Targets

- Target
  
  abdd5a9c8d0ebce3064c11608b96b99194ff9d0e53322fcd557f35f832c3d76e
- Size
  
  23KB
- MD5
  
  174dbc902fdc8d1b3cf8473015aeae85
- SHA1
  
  e99d3c3cc51c5987d0f5e1d12d156d0247c1ffec
- SHA256
  
  abdd5a9c8d0ebce3064c11608b96b99194ff9d0e53322fcd557f35f832c3d76e
- SHA512
  
  880f7ad0c6ba91dd4cb100f3b03653d09193f126c8f78b6d7e051611ef04cbd5d2cd0b5006b172dfcef2e3dd4150c41daf707634e1fbbfdfed40737c3258813c
- SSDEEP
  
  384:2LQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZnf:2s5yBVd7RpcnuQ
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan