njrat | 88948b3dd363db07e7933d371ce3a767673b1eaebc2686353582e6e34027f825 | Triage

Sharing

General

Target

88948b3dd363db07e7933d371ce3a767673b1eaebc2686353582e6e34027f825
Size

188KB
Sample

221125-jcsn3sef41
MD5

ecde4a56a6b1bce1eee14552e9e860b1
SHA1

7efdfbfa57282c5b5d36f4647b8a93f732937055
SHA256

88948b3dd363db07e7933d371ce3a767673b1eaebc2686353582e6e34027f825
SHA512

6734b522145b04a57326b007f74745f354fa65a0d395531d27439c102bac16f9d9f83cca4ccb0a839bb5c9f1af715b5ffb918ee20384e49cf1916c93a47da053
SSDEEP

3072:TWkFrImbVXrzON+BmghjeufJjIbmMJ4pC:TDFrTXrzO2hNiSMa8

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  88948b3dd363db07e7933d371ce3a767673b1eaebc2686353582e6e34027f825
- Size
  
  188KB
- MD5
  
  ecde4a56a6b1bce1eee14552e9e860b1
- SHA1
  
  7efdfbfa57282c5b5d36f4647b8a93f732937055
- SHA256
  
  88948b3dd363db07e7933d371ce3a767673b1eaebc2686353582e6e34027f825
- SHA512
  
  6734b522145b04a57326b007f74745f354fa65a0d395531d27439c102bac16f9d9f83cca4ccb0a839bb5c9f1af715b5ffb918ee20384e49cf1916c93a47da053
- SSDEEP
  
  3072:TWkFrImbVXrzON+BmghjeufJjIbmMJ4pC:TDFrTXrzO2hNiSMa8
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan