njrat | 1d9c36c9efbc84bdd291d06d426ebcbb6561dfd769e131d7fb037c3042cc9703 | Triage

Sharing

General

Target

1d9c36c9efbc84bdd291d06d426ebcbb6561dfd769e131d7fb037c3042cc9703
Size

111KB
Sample

221125-esth4aag57
MD5

2703252dba3070e2816f24bc3079a224
SHA1

98313a6ddd52ce75c931036c8c58fa70514a5663
SHA256

1d9c36c9efbc84bdd291d06d426ebcbb6561dfd769e131d7fb037c3042cc9703
SHA512

eea1d9d41f2d0219fea0be613d9652755ac3602b1c4743c7708f0845bb5c842ed18a8bc5ea2a445e38f606ccb174963e15865ab6f160c9c1912ead6cfd8d6c1a
SSDEEP

1536:xbC830RWuvjpHiQzAygMrer647sejE5xxN/55OvksxbRkPMXuKtzqnaQi98Wqkpw:FC8k0n0AIZ47iSw6rlw

Score

10^/10

njrat zom evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ZOM

C2

satanhoks666.no-ip.biz:666

Mutex

89d1821afe5aca4fd6ec386f735c5634

Attributes

reg_key
89d1821afe5aca4fd6ec386f735c5634
splitter
|'|'|

Targets

- Target
  
  1d9c36c9efbc84bdd291d06d426ebcbb6561dfd769e131d7fb037c3042cc9703
- Size
  
  111KB
- MD5
  
  2703252dba3070e2816f24bc3079a224
- SHA1
  
  98313a6ddd52ce75c931036c8c58fa70514a5663
- SHA256
  
  1d9c36c9efbc84bdd291d06d426ebcbb6561dfd769e131d7fb037c3042cc9703
- SHA512
  
  eea1d9d41f2d0219fea0be613d9652755ac3602b1c4743c7708f0845bb5c842ed18a8bc5ea2a445e38f606ccb174963e15865ab6f160c9c1912ead6cfd8d6c1a
- SSDEEP
  
  1536:xbC830RWuvjpHiQzAygMrer647sejE5xxN/55OvksxbRkPMXuKtzqnaQi98Wqkpw:FC8k0n0AIZ47iSw6rlw
Score

10^/10

njrat zom evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratzomevasionpersistencetrojan

behavioral2

njratzomevasionpersistencetrojan