njrat | 21291467b0ccc071fe21bc4dfb99b466aab187af50c0b0b8999f55f96f5b8bcf | Triage

Sharing

General

Target

21291467b0ccc071fe21bc4dfb99b466aab187af50c0b0b8999f55f96f5b8bcf
Size

4.3MB
Sample

221124-eydptsca4v
MD5

10365cad027d585cbb35187edadd3de8
SHA1

7f2a44cc811016e2e4655b58c697aff9366dfe2b
SHA256

21291467b0ccc071fe21bc4dfb99b466aab187af50c0b0b8999f55f96f5b8bcf
SHA512

513c9cadf48f4ad2675a52c752f33f339a4f26f5a64b666af3498a23ef775f5b70e5b1f7400e3bb5be94a66599267c07d35dcfabe65481f3974754c9eeae0889
SSDEEP

98304:0sKMWjUBnr7K/QwKFdpx6c0q0H30xy2iwIzSxIejgOYFt:0s+jUB32FYdpV0SihzSxKO4

Score

10^/10

njrat cruzx pain evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Cruzx Pain

C2

eslamdarko.no-ip.org:5552

Mutex

1f54ba241b66e82bbfd9eab0ca5f2691

Attributes

reg_key
1f54ba241b66e82bbfd9eab0ca5f2691
splitter
|'|'|

Targets

- Target
  
  21291467b0ccc071fe21bc4dfb99b466aab187af50c0b0b8999f55f96f5b8bcf
- Size
  
  4.3MB
- MD5
  
  10365cad027d585cbb35187edadd3de8
- SHA1
  
  7f2a44cc811016e2e4655b58c697aff9366dfe2b
- SHA256
  
  21291467b0ccc071fe21bc4dfb99b466aab187af50c0b0b8999f55f96f5b8bcf
- SHA512
  
  513c9cadf48f4ad2675a52c752f33f339a4f26f5a64b666af3498a23ef775f5b70e5b1f7400e3bb5be94a66599267c07d35dcfabe65481f3974754c9eeae0889
- SSDEEP
  
  98304:0sKMWjUBnr7K/QwKFdpx6c0q0H30xy2iwIzSxIejgOYFt:0s+jUB32FYdpV0SihzSxKO4
Score

10^/10

njrat cruzx pain evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratcruzx painevasionpersistencetrojan

behavioral2

njratcruzx painevasionpersistencetrojan