njrat | cde4800186ed6b12aa1099ce8610922f7f48ba21c90b8cfeb76a1345c1cf1a49 | Triage

Sharing

General

Target

cde4800186ed6b12aa1099ce8610922f7f48ba21c90b8cfeb76a1345c1cf1a49
Size

204KB
Sample

221125-hvkwhshg83
MD5

2f86393383567b46b096a5ec421e9d5b
SHA1

26e5dcb2df88a48b359b371436aa387fa212c92a
SHA256

cde4800186ed6b12aa1099ce8610922f7f48ba21c90b8cfeb76a1345c1cf1a49
SHA512

27a1a8b68cac5b3d746cda49339d5db08d93dfc572c061e6cbf6e72df019836f98eebd298739399abfc312ca12cc59f6213ff6ed773b569359d51ab18b52f9e0
SSDEEP

3072:TS680++weUySPSwMLn3czvJ4+v+ZFeRtYPsWKG77PLJ9wadTLI2B4MVnRjac+5:ZlUcXc8PsU1qi4k

Score

10^/10

njrat ‏فہۧايہۧروسہ الہۧعہۧراق هناا evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

‏فہۧايہۧروسہ الہۧعہۧراق هناا

C2

jaki3254.ddns.net:2001

Mutex

85039fd7c6f37e1e0601b12298c6e30f

Attributes

reg_key
85039fd7c6f37e1e0601b12298c6e30f
splitter
|'|'|

Targets

- Target
  
  cde4800186ed6b12aa1099ce8610922f7f48ba21c90b8cfeb76a1345c1cf1a49
- Size
  
  204KB
- MD5
  
  2f86393383567b46b096a5ec421e9d5b
- SHA1
  
  26e5dcb2df88a48b359b371436aa387fa212c92a
- SHA256
  
  cde4800186ed6b12aa1099ce8610922f7f48ba21c90b8cfeb76a1345c1cf1a49
- SHA512
  
  27a1a8b68cac5b3d746cda49339d5db08d93dfc572c061e6cbf6e72df019836f98eebd298739399abfc312ca12cc59f6213ff6ed773b569359d51ab18b52f9e0
- SSDEEP
  
  3072:TS680++weUySPSwMLn3czvJ4+v+ZFeRtYPsWKG77PLJ9wadTLI2B4MVnRjac+5:ZlUcXc8PsU1qi4k
Score

10^/10

njrat ‏فہۧايہۧروسہ الہۧعہۧراق هناا evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat‏فہۧايہۧروسہ الہۧعہۧراق هنااevasionpersistencetrojan

behavioral2

njrat‏فہۧايہۧروسہ الہۧعہۧراق هنااevasionpersistencetrojan