njrat | 9f607ac52b81600c5a3beba12a66e195002828cb39399686a55b18d9b73881fe | Triage

Sharing

General

Target

9f607ac52b81600c5a3beba12a66e195002828cb39399686a55b18d9b73881fe
Size

1.9MB
Sample

221124-1demaaba22
MD5

456952d17c871d449afafcce12d7baa1
SHA1

0518c5d91c0a8873d5dd81f9d2866168eef07745
SHA256

9f607ac52b81600c5a3beba12a66e195002828cb39399686a55b18d9b73881fe
SHA512

d45bcc6b0c7dbcef7aa40d600006814fd964ef766a1cfd577f9c336f45cd60f4b102059dafecc74822258998f00fb7201cbb9a648027d01826ff154159af8d06
SSDEEP

49152:b1dlZoFnxOIjuDBhqcTVSSrelkkSeWavYzlM0Rdsh5XI:b1dl2FnxOIjuDBhqcxPeTSe7n0RuPI

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  9f607ac52b81600c5a3beba12a66e195002828cb39399686a55b18d9b73881fe
- Size
  
  1.9MB
- MD5
  
  456952d17c871d449afafcce12d7baa1
- SHA1
  
  0518c5d91c0a8873d5dd81f9d2866168eef07745
- SHA256
  
  9f607ac52b81600c5a3beba12a66e195002828cb39399686a55b18d9b73881fe
- SHA512
  
  d45bcc6b0c7dbcef7aa40d600006814fd964ef766a1cfd577f9c336f45cd60f4b102059dafecc74822258998f00fb7201cbb9a648027d01826ff154159af8d06
- SSDEEP
  
  49152:b1dlZoFnxOIjuDBhqcTVSSrelkkSeWavYzlM0Rdsh5XI:b1dl2FnxOIjuDBhqcxPeTSe7n0RuPI
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2