njrat | c5d83ab64551a865eda341e96819c364d200c42062266a061c7ba8629c6a9946 | Triage

Sharing

General

Target

c5d83ab64551a865eda341e96819c364d200c42062266a061c7ba8629c6a9946
Size

148KB
Sample

221124-x8q21shc4w
MD5

0b277d1d361e8e21e99e59f01b9b6fd3
SHA1

8d7198247d85188fd4177e5aa61336edafe4f543
SHA256

c5d83ab64551a865eda341e96819c364d200c42062266a061c7ba8629c6a9946
SHA512

468d61852006cdf2f6d4f715925586ae30490bfd48ff7587b057fffa32e3d5c89070069b5f9ec6dee20558a2d7b9d0d45e675fbf90669c96a8f40977696a2ac8
SSDEEP

3072:/c1X1MA29SaGpB+hVfnWsmog1dCU9G0zXwpj6sH/b:sS95m+OsmzCeGcwpjH/

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

th3pr0sy.ddns.net:1177

Mutex

5cb277ed285c9adfc0c8c9d42a1444a9

Attributes

reg_key
5cb277ed285c9adfc0c8c9d42a1444a9
splitter
|'|'|

Targets

- Target
  
  c5d83ab64551a865eda341e96819c364d200c42062266a061c7ba8629c6a9946
- Size
  
  148KB
- MD5
  
  0b277d1d361e8e21e99e59f01b9b6fd3
- SHA1
  
  8d7198247d85188fd4177e5aa61336edafe4f543
- SHA256
  
  c5d83ab64551a865eda341e96819c364d200c42062266a061c7ba8629c6a9946
- SHA512
  
  468d61852006cdf2f6d4f715925586ae30490bfd48ff7587b057fffa32e3d5c89070069b5f9ec6dee20558a2d7b9d0d45e675fbf90669c96a8f40977696a2ac8
- SSDEEP
  
  3072:/c1X1MA29SaGpB+hVfnWsmog1dCU9G0zXwpj6sH/b:sS95m+OsmzCeGcwpjH/
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan