njrat | ae2eb6d61e418e45159c477b22725482955b85681ca6b3b76a837112ff221a16 | Triage

Sharing

General

Target

ae2eb6d61e418e45159c477b22725482955b85681ca6b3b76a837112ff221a16
Size

23KB
Sample

221125-3kvm7aaa2s
MD5

54231b462ee544a9b04f67e3edb45402
SHA1

3b0b3ab0ac55b51253fb3fb38ea3e7ff4cb5acbd
SHA256

ae2eb6d61e418e45159c477b22725482955b85681ca6b3b76a837112ff221a16
SHA512

73b508061760be67a2ae8e9ac4fa450cf46ffc5a2df9e43ce83c338f92ca3981635eda0d0169fa009e223ca2a059adeea51f8fb4e2a03ffd104515860ea23fc2
SSDEEP

384:xsqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5QQmRvR6JZlbw8hqIusZzZ+13:Kf65K2Yf1jERpcnuPd

Score

10^/10

njrat ahlem evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ahlem

C2

omezzine.no-ip.biz:81

Mutex

0d9c5c61bceb827fc74ac3bc57a82c44

Attributes

reg_key
0d9c5c61bceb827fc74ac3bc57a82c44
splitter
|'|'|

Targets

- Target
  
  ae2eb6d61e418e45159c477b22725482955b85681ca6b3b76a837112ff221a16
- Size
  
  23KB
- MD5
  
  54231b462ee544a9b04f67e3edb45402
- SHA1
  
  3b0b3ab0ac55b51253fb3fb38ea3e7ff4cb5acbd
- SHA256
  
  ae2eb6d61e418e45159c477b22725482955b85681ca6b3b76a837112ff221a16
- SHA512
  
  73b508061760be67a2ae8e9ac4fa450cf46ffc5a2df9e43ce83c338f92ca3981635eda0d0169fa009e223ca2a059adeea51f8fb4e2a03ffd104515860ea23fc2
- SSDEEP
  
  384:xsqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5QQmRvR6JZlbw8hqIusZzZ+13:Kf65K2Yf1jERpcnuPd
Score

10^/10

njrat ahlem evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratahlemevasionpersistencetrojan

behavioral2

njratahlemevasionpersistencetrojan