njrat | 8d820deacf65732d83ddaf92027622845742ef5589ebbd7f919ddb017d029bd1 | Triage

Sharing

General

Target

8d820deacf65732d83ddaf92027622845742ef5589ebbd7f919ddb017d029bd1
Size

912KB
Sample

221123-sy44nsff8t
MD5

484aa69de292970171f21d3c75c1c407
SHA1

258487b4b3c20e9584b44b87ce462d4bc4abbd23
SHA256

8d820deacf65732d83ddaf92027622845742ef5589ebbd7f919ddb017d029bd1
SHA512

aefe82c951b0c1c9add2d1bd917806b3eca151e7fa6f322875833b6169786133e442c8697b1bdf99642983dba23ed5e58abf49e9add61070e915b3b5e0852229
SSDEEP

12288:LrgThZtleF5Xhyhz/5c1cQe/QdxNf8ZWw9CtDhm6+sWFsScWfONIKG1:+HLPhV9/WLvDhmpsOcVNI5

Score

10^/10

njrat hacked bye charssi persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed bye Charssi

C2

magsi.no-ip.biz:100

Mutex

8515eb34d8f9de5af815466e9715b3e5

Attributes

reg_key
8515eb34d8f9de5af815466e9715b3e5
splitter
|'|'|

Targets

- Target
  
  8d820deacf65732d83ddaf92027622845742ef5589ebbd7f919ddb017d029bd1
- Size
  
  912KB
- MD5
  
  484aa69de292970171f21d3c75c1c407
- SHA1
  
  258487b4b3c20e9584b44b87ce462d4bc4abbd23
- SHA256
  
  8d820deacf65732d83ddaf92027622845742ef5589ebbd7f919ddb017d029bd1
- SHA512
  
  aefe82c951b0c1c9add2d1bd917806b3eca151e7fa6f322875833b6169786133e442c8697b1bdf99642983dba23ed5e58abf49e9add61070e915b3b5e0852229
- SSDEEP
  
  12288:LrgThZtleF5Xhyhz/5c1cQe/QdxNf8ZWw9CtDhm6+sWFsScWfONIKG1:+HLPhV9/WLvDhmpsOcVNI5
Score

10^/10

njrat hacked bye charssi persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathacked bye charssipersistencetrojan