njrat | 5160cc503a2c3702bc33af071046a4896ef3bbd95ba7681691bb9ff9769144a1 | Triage

Sharing

General

Target

5160cc503a2c3702bc33af071046a4896ef3bbd95ba7681691bb9ff9769144a1
Size

72KB
Sample

221124-ag2m4shf71
MD5

c3bd5110ac2bfbf0e7cf2b740648ea0b
SHA1

bf3b8b7e2cc3f17ec2c67559a3025f0357f02ad9
SHA256

5160cc503a2c3702bc33af071046a4896ef3bbd95ba7681691bb9ff9769144a1
SHA512

f471d956a01afdb23938a1de498b8233aa485492b9cc968ceda410af2db97ff1e48b81203d82698097edce6095f3ba544f7ed23238a90f0350ea7cf1fb2913e7
SSDEEP

1536:IUoHxHeme0hyXcg+lRD2ibuDqkSZZZ3dP:IXFeme4OFMRDTbwU9

Score

10^/10

njrat ultoz no_ip new evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Ultoz NO_IP NEW

C2

anti96.myq-see.com:81

Mutex

93f19dda2412c86ad7520ba4198f39a0

Attributes

reg_key
93f19dda2412c86ad7520ba4198f39a0
splitter
|'|'|

Targets

- Target
  
  5160cc503a2c3702bc33af071046a4896ef3bbd95ba7681691bb9ff9769144a1
- Size
  
  72KB
- MD5
  
  c3bd5110ac2bfbf0e7cf2b740648ea0b
- SHA1
  
  bf3b8b7e2cc3f17ec2c67559a3025f0357f02ad9
- SHA256
  
  5160cc503a2c3702bc33af071046a4896ef3bbd95ba7681691bb9ff9769144a1
- SHA512
  
  f471d956a01afdb23938a1de498b8233aa485492b9cc968ceda410af2db97ff1e48b81203d82698097edce6095f3ba544f7ed23238a90f0350ea7cf1fb2913e7
- SSDEEP
  
  1536:IUoHxHeme0hyXcg+lRD2ibuDqkSZZZ3dP:IXFeme4OFMRDTbwU9
Score

10^/10

njrat ultoz no_ip new evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratultoz no_ip newevasionpersistencetrojan

behavioral2

njratultoz no_ip newevasionpersistencetrojan