njrat | 9b44ccb6e01dd9a3e020e0dbd26a6d8804fa882729cad3f95dfe2705337aaa0c | Triage

Sharing

General

Target

9b44ccb6e01dd9a3e020e0dbd26a6d8804fa882729cad3f95dfe2705337aaa0c
Size

111KB
Sample

221124-gdg8mafd4y
MD5

7f06af4daf30a10baa152fdc52a3680d
SHA1

378fc79c50bb028781b907d84a2bab105673e801
SHA256

9b44ccb6e01dd9a3e020e0dbd26a6d8804fa882729cad3f95dfe2705337aaa0c
SHA512

84b26c0155374a2a93dfaae5ccc615a1f02a92f5fe276140163f108ddf69be703a0886484239ba1b29ab6e9a276df0ffbc0a9aadfdb75c2b33cd799ae2826362
SSDEEP

3072:tM/LO9qCD8qD81rxA1647lFFainRuAHNPRa0qN1h:SCderOGYmX

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  9b44ccb6e01dd9a3e020e0dbd26a6d8804fa882729cad3f95dfe2705337aaa0c
- Size
  
  111KB
- MD5
  
  7f06af4daf30a10baa152fdc52a3680d
- SHA1
  
  378fc79c50bb028781b907d84a2bab105673e801
- SHA256
  
  9b44ccb6e01dd9a3e020e0dbd26a6d8804fa882729cad3f95dfe2705337aaa0c
- SHA512
  
  84b26c0155374a2a93dfaae5ccc615a1f02a92f5fe276140163f108ddf69be703a0886484239ba1b29ab6e9a276df0ffbc0a9aadfdb75c2b33cd799ae2826362
- SSDEEP
  
  3072:tM/LO9qCD8qD81rxA1647lFFainRuAHNPRa0qN1h:SCderOGYmX
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan