njrat | dd9da600c246a61caefb2be086eaa8905c09e9e14cd8478fce859c3e5deb5aba | Triage

Sharing

General

Target

dd9da600c246a61caefb2be086eaa8905c09e9e14cd8478fce859c3e5deb5aba
Size

240KB
Sample

221125-hqxdrahe44
MD5

72c75bb38a17e2723c6c8d991526259e
SHA1

ece587ca67e276857beca97b1a04c850707a8dab
SHA256

dd9da600c246a61caefb2be086eaa8905c09e9e14cd8478fce859c3e5deb5aba
SHA512

ec40cd7431c50378728935e307bf483fde0a34510593c59573ff640d4e35a7ec0427bccc6f2f5fd330fdd96a1cd2d03657792b59ac076bc93746e6e0dbee2c7e
SSDEEP

6144:V7/KIxVNmXi4UwOPuFGBsLDgnanSSoLbuTFT5K/OMsojFndNmtB6GZAwrLRt0LWK:1yIjPPuFGBsLDgnanRELW1ER9hQW

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  dd9da600c246a61caefb2be086eaa8905c09e9e14cd8478fce859c3e5deb5aba
- Size
  
  240KB
- MD5
  
  72c75bb38a17e2723c6c8d991526259e
- SHA1
  
  ece587ca67e276857beca97b1a04c850707a8dab
- SHA256
  
  dd9da600c246a61caefb2be086eaa8905c09e9e14cd8478fce859c3e5deb5aba
- SHA512
  
  ec40cd7431c50378728935e307bf483fde0a34510593c59573ff640d4e35a7ec0427bccc6f2f5fd330fdd96a1cd2d03657792b59ac076bc93746e6e0dbee2c7e
- SSDEEP
  
  6144:V7/KIxVNmXi4UwOPuFGBsLDgnanSSoLbuTFT5K/OMsojFndNmtB6GZAwrLRt0LWK:1yIjPPuFGBsLDgnanRELW1ER9hQW
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan