njrat | 632421e649e89aaa16cbcc20f3dcdde9dbb872e31f4fe44d3655525f948af02e | Triage

Sharing

General

Target

632421e649e89aaa16cbcc20f3dcdde9dbb872e31f4fe44d3655525f948af02e
Size

140KB
Sample

221123-vj8jnahc24
MD5

cae54369d90e928a61881270209b6e43
SHA1

8add6ba702b3ec9a960dd3cbbbdde7b7112e1d84
SHA256

632421e649e89aaa16cbcc20f3dcdde9dbb872e31f4fe44d3655525f948af02e
SHA512

28f7cecaabb00fb5108e3bc61548c4531141e009ced38318b32cf28a8cb3dea6e609ec5afb906d62552193b8dc3c4cad83ef2444aa903fb602334954e1b1c775
SSDEEP

768:9qVzBDWxi9W6jNPx0g8LhHgDrhJ6+jr8eoGB8:kzBYi9W6jZx0g8F+jEeoq8

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  632421e649e89aaa16cbcc20f3dcdde9dbb872e31f4fe44d3655525f948af02e
- Size
  
  140KB
- MD5
  
  cae54369d90e928a61881270209b6e43
- SHA1
  
  8add6ba702b3ec9a960dd3cbbbdde7b7112e1d84
- SHA256
  
  632421e649e89aaa16cbcc20f3dcdde9dbb872e31f4fe44d3655525f948af02e
- SHA512
  
  28f7cecaabb00fb5108e3bc61548c4531141e009ced38318b32cf28a8cb3dea6e609ec5afb906d62552193b8dc3c4cad83ef2444aa903fb602334954e1b1c775
- SSDEEP
  
  768:9qVzBDWxi9W6jNPx0g8LhHgDrhJ6+jr8eoGB8:kzBYi9W6jZx0g8F+jEeoq8
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan