njrat | a491bc62b61fb012f3933d2814cf27e4bddd30af3deed344c1f02e442c59c14f | Triage

Sharing

General

Target

a491bc62b61fb012f3933d2814cf27e4bddd30af3deed344c1f02e442c59c14f
Size

204KB
Sample

221125-h5zsesea7x
MD5

7333994bbd983d4387ed1dbcf0d14aa1
SHA1

2dbde9adf8d5b75e05fe9e6cda00fab90fca1690
SHA256

a491bc62b61fb012f3933d2814cf27e4bddd30af3deed344c1f02e442c59c14f
SHA512

05a876ccd3c29dd6a3d19f6821be9c619bae0fcc1e5a5801cc6b3dc212ca45b8f1acdc942ecc50050e510bd0a453eb64fa0da54f65ab469d2c1cbf1377043eab
SSDEEP

1536:mhUweUySbmSS6UVRWudZm4xb+PJKb0w9i1szBFNsH8Y+gQ6dTXrCDuw+NynY2mtx:hweUySPS680+Ugbj9xzBYqdPuTvoqY/

Score

10^/10

njrat ‏فہۧايہۧروسہ الہۧعہۧراق هناا evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

‏فہۧايہۧروسہ الہۧعہۧراق هناا

C2

jaki3254.ddns.net:2001

Mutex

85039fd7c6f37e1e0601b12298c6e30f

Attributes

reg_key
85039fd7c6f37e1e0601b12298c6e30f
splitter
|'|'|

Targets

- Target
  
  a491bc62b61fb012f3933d2814cf27e4bddd30af3deed344c1f02e442c59c14f
- Size
  
  204KB
- MD5
  
  7333994bbd983d4387ed1dbcf0d14aa1
- SHA1
  
  2dbde9adf8d5b75e05fe9e6cda00fab90fca1690
- SHA256
  
  a491bc62b61fb012f3933d2814cf27e4bddd30af3deed344c1f02e442c59c14f
- SHA512
  
  05a876ccd3c29dd6a3d19f6821be9c619bae0fcc1e5a5801cc6b3dc212ca45b8f1acdc942ecc50050e510bd0a453eb64fa0da54f65ab469d2c1cbf1377043eab
- SSDEEP
  
  1536:mhUweUySbmSS6UVRWudZm4xb+PJKb0w9i1szBFNsH8Y+gQ6dTXrCDuw+NynY2mtx:hweUySPS680+Ugbj9xzBYqdPuTvoqY/
Score

10^/10

njrat ‏فہۧايہۧروسہ الہۧعہۧراق هناا evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat‏فہۧايہۧروسہ الہۧعہۧراق هنااevasionpersistencetrojan

behavioral2

njrat‏فہۧايہۧروسہ الہۧعہۧراق هنااevasionpersistencetrojan