njrat | ca6a77db84716aacd6a0ac7f5197cfa01dc82a5df8744ac36b6627de7ec4387d | Triage

Sharing

General

Target

ca6a77db84716aacd6a0ac7f5197cfa01dc82a5df8744ac36b6627de7ec4387d
Size

267KB
Sample

221124-eya9psgg52
MD5

85045d82e3a7bb183ea9c04db7b503a0
SHA1

258f97917002fe2600f68ea1f4b6ac7ff8d62d09
SHA256

ca6a77db84716aacd6a0ac7f5197cfa01dc82a5df8744ac36b6627de7ec4387d
SHA512

5f1324c8a5d4a5006cdfe30ab488c0d279f9e51b6f4d1fa07ae99279acfd6d790b914d287fc48ab37a10c7de3bf46e5b8abe5185b71b5403ff61698466ec3cb9
SSDEEP

3072:r+JCFmhkzqRizojXKGbKgF8baRYX2NCIHIxCLsV2nVPJkLAOH1WM0dOUdLdBes5P:rdyRizyhbtJ8z0dDv

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  ca6a77db84716aacd6a0ac7f5197cfa01dc82a5df8744ac36b6627de7ec4387d
- Size
  
  267KB
- MD5
  
  85045d82e3a7bb183ea9c04db7b503a0
- SHA1
  
  258f97917002fe2600f68ea1f4b6ac7ff8d62d09
- SHA256
  
  ca6a77db84716aacd6a0ac7f5197cfa01dc82a5df8744ac36b6627de7ec4387d
- SHA512
  
  5f1324c8a5d4a5006cdfe30ab488c0d279f9e51b6f4d1fa07ae99279acfd6d790b914d287fc48ab37a10c7de3bf46e5b8abe5185b71b5403ff61698466ec3cb9
- SSDEEP
  
  3072:r+JCFmhkzqRizojXKGbKgF8baRYX2NCIHIxCLsV2nVPJkLAOH1WM0dOUdLdBes5P:rdyRizyhbtJ8z0dDv
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan