njrat | 65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5 | Triage

Sharing

General

Target

65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
Size

29KB
Sample

221123-vh5flshb44
MD5

0a704142b5eefeb3f5880bdce31a5668
SHA1

6890b1d90b26b3a32c1f5cf93bd91d916aa40db4
SHA256

65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
SHA512

e4b8f7bf4a311c5a3f025249c346cc0890d74d60d3765d71546cef4a490380de72e7ddca714b0cc4304ad91e621fc7ef0f8cb0b31bf6b967586e1769f573335d
SSDEEP

384:taFCtl7Dh+oqIqEXV5HEQTGumqDgN3eH6GBsbh0w4wlAokw9OhgOL1vYRGOZzSZG:j74oqIjlLTAqM3eFBKh0p29SgRkG

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

www-avira1.sytes.net:1993

Mutex

93f19dda2412c86ad7520ba4198f39a0

Attributes

reg_key
93f19dda2412c86ad7520ba4198f39a0
splitter
|'|'|

Targets

- Target
  
  65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
- Size
  
  29KB
- MD5
  
  0a704142b5eefeb3f5880bdce31a5668
- SHA1
  
  6890b1d90b26b3a32c1f5cf93bd91d916aa40db4
- SHA256
  
  65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
- SHA512
  
  e4b8f7bf4a311c5a3f025249c346cc0890d74d60d3765d71546cef4a490380de72e7ddca714b0cc4304ad91e621fc7ef0f8cb0b31bf6b967586e1769f573335d
- SSDEEP
  
  384:taFCtl7Dh+oqIqEXV5HEQTGumqDgN3eH6GBsbh0w4wlAokw9OhgOL1vYRGOZzSZG:j74oqIjlLTAqM3eFBKh0p29SgRkG
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan