njrat | 386cc33cac542ea2c22b73f69d83b5561d6612f14cc374cc40415ca634a8d0d4 | Triage

Sharing

General

Target

386cc33cac542ea2c22b73f69d83b5561d6612f14cc374cc40415ca634a8d0d4
Size

30KB
Sample

221123-vef9lsgg79
MD5

35e4fb6ca6c2ffe4af82b86157544979
SHA1

c81d8092b672e6ab97d63751049285779f6ec303
SHA256

386cc33cac542ea2c22b73f69d83b5561d6612f14cc374cc40415ca634a8d0d4
SHA512

3d8727229e4b7d6eea83e9373adb24e9d28220276f4fac1705212a00dbc87c53da452e76bac97f7fb74080e0e66ba17839b8564bb5516b38466dbcb29e0d94f6
SSDEEP

384:wAx0nuhdl9xN0G6/ELrB++h2JfG9HT6Pq2XFg82G5Fk4tZSTIwlYyN:wfnuhms4+h2JfG9HT6PTuXAt4

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  386cc33cac542ea2c22b73f69d83b5561d6612f14cc374cc40415ca634a8d0d4
- Size
  
  30KB
- MD5
  
  35e4fb6ca6c2ffe4af82b86157544979
- SHA1
  
  c81d8092b672e6ab97d63751049285779f6ec303
- SHA256
  
  386cc33cac542ea2c22b73f69d83b5561d6612f14cc374cc40415ca634a8d0d4
- SHA512
  
  3d8727229e4b7d6eea83e9373adb24e9d28220276f4fac1705212a00dbc87c53da452e76bac97f7fb74080e0e66ba17839b8564bb5516b38466dbcb29e0d94f6
- SSDEEP
  
  384:wAx0nuhdl9xN0G6/ELrB++h2JfG9HT6Pq2XFg82G5Fk4tZSTIwlYyN:wfnuhms4+h2JfG9HT6PTuXAt4
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan