njrat | e18242f6ff524b246ae8d58a5051fd48380683c4cf46d2253b0ab0dc87c6b134 | Triage

Sharing

General

Target

e18242f6ff524b246ae8d58a5051fd48380683c4cf46d2253b0ab0dc87c6b134
Size

112KB
Sample

221124-lljhwaed34
MD5

77dcdc1d78522d71f7a32710064d2380
SHA1

8f0620f9cf155d9632698789bdc5e5508f4907f9
SHA256

e18242f6ff524b246ae8d58a5051fd48380683c4cf46d2253b0ab0dc87c6b134
SHA512

c66cacc109b131b961d9aa40ef9e0f233e23a5712f9fc1d8f212fbea3312e623c3454169ffd70e365b23a5790e92ad1f243f4ad1cd143a3b2eac882807b5a17e
SSDEEP

3072:5+k1ahltUt4C/8qp4BHS25zPHHniYQLd5EZQ/3:1ytUtb/NUjzvHIEO/

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  e18242f6ff524b246ae8d58a5051fd48380683c4cf46d2253b0ab0dc87c6b134
- Size
  
  112KB
- MD5
  
  77dcdc1d78522d71f7a32710064d2380
- SHA1
  
  8f0620f9cf155d9632698789bdc5e5508f4907f9
- SHA256
  
  e18242f6ff524b246ae8d58a5051fd48380683c4cf46d2253b0ab0dc87c6b134
- SHA512
  
  c66cacc109b131b961d9aa40ef9e0f233e23a5712f9fc1d8f212fbea3312e623c3454169ffd70e365b23a5790e92ad1f243f4ad1cd143a3b2eac882807b5a17e
- SSDEEP
  
  3072:5+k1ahltUt4C/8qp4BHS25zPHHniYQLd5EZQ/3:1ytUtb/NUjzvHIEO/
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan