njrat | 51a0de4b9e8bc9b7b9045aaf54669a2bdcb8bbb1aa05146ad79f72bd59ad5d02 | Triage

Sharing

General

Target

51a0de4b9e8bc9b7b9045aaf54669a2bdcb8bbb1aa05146ad79f72bd59ad5d02
Size

121KB
Sample

221123-vrtepscg2t
MD5

ac462d3569cd2f22c6f0510cc23ffa0f
SHA1

e14a477db250cd072a1cb787bb03c4c88ced88ce
SHA256

51a0de4b9e8bc9b7b9045aaf54669a2bdcb8bbb1aa05146ad79f72bd59ad5d02
SHA512

ef2fc9b87661885a187bf0c1b66778ce7a25766eaee7f834d9f9b289b3d1b19e08c9064e4de27286cbbb5aae008eda75f73c6244b695dc578ec74f7e245544c9
SSDEEP

3072:bS680+GDfptuq2eYvFbDXrkdrsmOBuUi:b1tuqYlDbsrLOBji

Score

10^/10

njrat ‏فہۧايہۧروسہ الہۧعہۧراق هناا evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

‏فہۧايہۧروسہ الہۧعہۧراق هناا

C2

jaki3254.ddns.net:2001

Mutex

85039fd7c6f37e1e0601b12298c6e30f

Attributes

reg_key
85039fd7c6f37e1e0601b12298c6e30f
splitter
|'|'|

Targets

- Target
  
  51a0de4b9e8bc9b7b9045aaf54669a2bdcb8bbb1aa05146ad79f72bd59ad5d02
- Size
  
  121KB
- MD5
  
  ac462d3569cd2f22c6f0510cc23ffa0f
- SHA1
  
  e14a477db250cd072a1cb787bb03c4c88ced88ce
- SHA256
  
  51a0de4b9e8bc9b7b9045aaf54669a2bdcb8bbb1aa05146ad79f72bd59ad5d02
- SHA512
  
  ef2fc9b87661885a187bf0c1b66778ce7a25766eaee7f834d9f9b289b3d1b19e08c9064e4de27286cbbb5aae008eda75f73c6244b695dc578ec74f7e245544c9
- SSDEEP
  
  3072:bS680+GDfptuq2eYvFbDXrkdrsmOBuUi:b1tuqYlDbsrLOBji
Score

10^/10

njrat ‏فہۧايہۧروسہ الہۧعہۧراق هناا evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

‏فہۧايہۧروسہ الہۧعہۧراق هنااnjrat

behavioral1

njrat‏فہۧايہۧروسہ الہۧعہۧراق هنااevasionpersistencetrojan

behavioral2

njrat‏فہۧايہۧروسہ الہۧعہۧراق هنااevasionpersistencetrojan