njrat | 65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5 | Triage

Sharing

General

Target

65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
Size

29KB
Sample

221123-vh5flshb44
MD5

0a704142b5eefeb3f5880bdce31a5668
SHA1

6890b1d90b26b3a32c1f5cf93bd91d916aa40db4
SHA256

65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
SHA512

e4b8f7bf4a311c5a3f025249c346cc0890d74d60d3765d71546cef4a490380de72e7ddca714b0cc4304ad91e621fc7ef0f8cb0b31bf6b967586e1769f573335d
SSDEEP

384:taFCtl7Dh+oqIqEXV5HEQTGumqDgN3eH6GBsbh0w4wlAokw9OhgOL1vYRGOZzSZG:j74oqIjlLTAqM3eFBKh0p29SgRkG

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

www-avira1.sytes.net:1993

Mutex

93f19dda2412c86ad7520ba4198f39a0

Attributes

reg_key
93f19dda2412c86ad7520ba4198f39a0
splitter
|'|'|

Targets

- Target
  
  65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
- Size
  
  29KB
- MD5
  
  0a704142b5eefeb3f5880bdce31a5668
- SHA1
  
  6890b1d90b26b3a32c1f5cf93bd91d916aa40db4
- SHA256
  
  65d846eb83a58df36caae2ee98fdadcc6963736dbad3be9d4fa55cf3b362b3c5
- SHA512
  
  e4b8f7bf4a311c5a3f025249c346cc0890d74d60d3765d71546cef4a490380de72e7ddca714b0cc4304ad91e621fc7ef0f8cb0b31bf6b967586e1769f573335d
- SSDEEP
  
  384:taFCtl7Dh+oqIqEXV5HEQTGumqDgN3eH6GBsbh0w4wlAokw9OhgOL1vYRGOZzSZG:j74oqIjlLTAqM3eFBKh0p29SgRkG
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan