njrat | 7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004 | Triage

Sharing

General

Target

7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
Size

1.2MB
Sample

221124-3dmn1afc55
MD5

2aa9a6fedcd536a0863a2040772cf11d
SHA1

2b8e4757d46aa38e5cbafe0cd64cbb4409f09507
SHA256

7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
SHA512

3fef57b72dfeafba37a1ab78aad232315fca4f078fdd3ef2f84e20f9e9cb99e84ac522a47704ba041f6fcc1d06bd96f41f2c19c61c6fe9b15de6a173a5dfbbd9
SSDEEP

12288:MgadJfTztJr15d2swcOekReZWml4R8cov2tSUJnS9Yss40HQ3TBqqvrLrZTP57l:Yd98+0vAUJnAjBHvr/ZTP57

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

joker1787.no-ip.biz:1984

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
- Size
  
  1.2MB
- MD5
  
  2aa9a6fedcd536a0863a2040772cf11d
- SHA1
  
  2b8e4757d46aa38e5cbafe0cd64cbb4409f09507
- SHA256
  
  7b3a9805d9948328077b9b66734dfac230e631a969f9f0df9a91d6568c094004
- SHA512
  
  3fef57b72dfeafba37a1ab78aad232315fca4f078fdd3ef2f84e20f9e9cb99e84ac522a47704ba041f6fcc1d06bd96f41f2c19c61c6fe9b15de6a173a5dfbbd9
- SSDEEP
  
  12288:MgadJfTztJr15d2swcOekReZWml4R8cov2tSUJnS9Yss40HQ3TBqqvrLrZTP57l:Yd98+0vAUJnAjBHvr/ZTP57
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan