njrat | bccab244b62b373fa363a3507e00c41c6abc133093f4f072961e2a00e20cfb93 | Triage

Sharing

General

Target

bccab244b62b373fa363a3507e00c41c6abc133093f4f072961e2a00e20cfb93
Size

29KB
Sample

221124-ezxjbsgh55
MD5

3ba3b7dc5a2402d25e8d397679d111ae
SHA1

1fa0426ba293720c8c12e2509b115b8d71bcc947
SHA256

bccab244b62b373fa363a3507e00c41c6abc133093f4f072961e2a00e20cfb93
SHA512

b8bcdb0e53f93f6fdf22eda27ab92d69c47bb9d08361091541200032e90e4cbe8d0f686ee8c5b4c6006c7fd3e0d8dd5e8e65bcebd43b9bbdd7035f38f2f0cf40
SSDEEP

384:M4J55l71rzsqiYtBL591rCGmqDGzjeP0GBsbh0w4wlAokw9OhgOL1vYRGOZzpZYb:Z7FsqiIpdrsqUjevBKh0p29SgRTY

Score

10^/10

njrat prince muhammed evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Prince Muhammed

C2

iammuhammed.noip.me:1177

Mutex

ba4c12bee3027d94da5c81db2d196bfd

Attributes

reg_key
ba4c12bee3027d94da5c81db2d196bfd
splitter
|'|'|

Targets

- Target
  
  bccab244b62b373fa363a3507e00c41c6abc133093f4f072961e2a00e20cfb93
- Size
  
  29KB
- MD5
  
  3ba3b7dc5a2402d25e8d397679d111ae
- SHA1
  
  1fa0426ba293720c8c12e2509b115b8d71bcc947
- SHA256
  
  bccab244b62b373fa363a3507e00c41c6abc133093f4f072961e2a00e20cfb93
- SHA512
  
  b8bcdb0e53f93f6fdf22eda27ab92d69c47bb9d08361091541200032e90e4cbe8d0f686ee8c5b4c6006c7fd3e0d8dd5e8e65bcebd43b9bbdd7035f38f2f0cf40
- SSDEEP
  
  384:M4J55l71rzsqiYtBL591rCGmqDGzjeP0GBsbh0w4wlAokw9OhgOL1vYRGOZzpZYb:Z7FsqiIpdrsqUjevBKh0p29SgRTY
Score

10^/10

njrat prince muhammed evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

prince muhammednjrat

behavioral1

njratprince muhammedevasiontrojan

behavioral2

njratprince muhammedevasiontrojan