njrat | 3317fd13e0377c08ba274fdeca8413e163380c26182826851806799e5a140403 | Triage

Sharing

General

Target

3317fd13e0377c08ba274fdeca8413e163380c26182826851806799e5a140403
Size

109KB
Sample

221124-ntssmaee8x
MD5

192e78e7db7e447729433b4f310ea6b6
SHA1

ed38943a6aa889c956b791383229d04fcd13e9d2
SHA256

3317fd13e0377c08ba274fdeca8413e163380c26182826851806799e5a140403
SHA512

6ae3695b00ecfbc78045f913b0a7a2453013e5aff981bb1074427ce0640a271374379369424c84486f112d47a41c6137b89b6bdbeae59281ccde24d5cb5aacda
SSDEEP

3072:yLha0r+jOVlXZ8fjnsCAP4uyPoitxwqpFr:4i7fVA4D1t

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  3317fd13e0377c08ba274fdeca8413e163380c26182826851806799e5a140403
- Size
  
  109KB
- MD5
  
  192e78e7db7e447729433b4f310ea6b6
- SHA1
  
  ed38943a6aa889c956b791383229d04fcd13e9d2
- SHA256
  
  3317fd13e0377c08ba274fdeca8413e163380c26182826851806799e5a140403
- SHA512
  
  6ae3695b00ecfbc78045f913b0a7a2453013e5aff981bb1074427ce0640a271374379369424c84486f112d47a41c6137b89b6bdbeae59281ccde24d5cb5aacda
- SSDEEP
  
  3072:yLha0r+jOVlXZ8fjnsCAP4uyPoitxwqpFr:4i7fVA4D1t
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan