njrat | 3e13b13589b9754fe00a4ae671ba640b230d97d5bbad5c7234c774956e19579e | Triage

Sharing

General

Target

3e13b13589b9754fe00a4ae671ba640b230d97d5bbad5c7234c774956e19579e
Size

588KB
Sample

221124-eyg29agg57
MD5

a56b4fb6f3d0404a863195d3fd3d4093
SHA1

cc14739bcb183debc6eb83347301a220f328b0e1
SHA256

3e13b13589b9754fe00a4ae671ba640b230d97d5bbad5c7234c774956e19579e
SHA512

0fa15a5f565a479183d3d6bdb44623155d5a8c803a308f1054e22d5168104035d03a563e595a29f260a84f2b0ac2a3f580fa0bd5814a672b41603c779952a6c9
SSDEEP

12288:Hq859UOJHgj/657bEq2MZ8o+wUbS5lYxT5+Fd+Su+UnD9JNG+2xCvzOSXN19:vH5UMEOZzvrYod+n+UD9ryGzOSXN

Score

10^/10

njrat loads evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Loads

C2

whiteserver.mooo.com:400

Mutex

d87c572dcb567ef1c4002658cc4e14f4

Attributes

reg_key
d87c572dcb567ef1c4002658cc4e14f4
splitter
|'|'|

Targets

- Target
  
  3e13b13589b9754fe00a4ae671ba640b230d97d5bbad5c7234c774956e19579e
- Size
  
  588KB
- MD5
  
  a56b4fb6f3d0404a863195d3fd3d4093
- SHA1
  
  cc14739bcb183debc6eb83347301a220f328b0e1
- SHA256
  
  3e13b13589b9754fe00a4ae671ba640b230d97d5bbad5c7234c774956e19579e
- SHA512
  
  0fa15a5f565a479183d3d6bdb44623155d5a8c803a308f1054e22d5168104035d03a563e595a29f260a84f2b0ac2a3f580fa0bd5814a672b41603c779952a6c9
- SSDEEP
  
  12288:Hq859UOJHgj/657bEq2MZ8o+wUbS5lYxT5+Fd+Su+UnD9JNG+2xCvzOSXN19:vH5UMEOZzvrYod+n+UD9ryGzOSXN
Score

10^/10

njrat loads evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratloadsevasionpersistencetrojan

behavioral2

njratloadsevasionpersistencetrojan