njrat | 80bcbf8b722fca75df1ca3fe89630ab6f6f9075a77b7adae7b1df0e7b615e316 | Triage

Sharing

General

Target

80bcbf8b722fca75df1ca3fe89630ab6f6f9075a77b7adae7b1df0e7b615e316
Size

60KB
Sample

221125-jehxnaeg4v
MD5

fbe67dd640d59eaf5f5cbb564b6bd3b3
SHA1

de152d02b3e548f89bbcbb047bc88fbb20c8cdfb
SHA256

80bcbf8b722fca75df1ca3fe89630ab6f6f9075a77b7adae7b1df0e7b615e316
SHA512

51aff932e9c10e06decdd5ec702bae10c700f87830b9d9c35fa128dc353125cd34ba1e37aa6443d4b058747bd7242bbdf5c7f6250fbc37551e39ef458cce8cac
SSDEEP

1536:YTC2Ce7xeNOleDZKUHM5IFHKhG29jOFNJq1rfIJa:Ye2DtgqA29QJqK

Score

10^/10

njrat hacked by hatim evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Hacked by Hatim

C2

killerice123.ddns.net:5552

Mutex

647d85fcb40679ba4107fb08db7005ed

Attributes

reg_key
647d85fcb40679ba4107fb08db7005ed
splitter
|'|'|

Targets

- Target
  
  80bcbf8b722fca75df1ca3fe89630ab6f6f9075a77b7adae7b1df0e7b615e316
- Size
  
  60KB
- MD5
  
  fbe67dd640d59eaf5f5cbb564b6bd3b3
- SHA1
  
  de152d02b3e548f89bbcbb047bc88fbb20c8cdfb
- SHA256
  
  80bcbf8b722fca75df1ca3fe89630ab6f6f9075a77b7adae7b1df0e7b615e316
- SHA512
  
  51aff932e9c10e06decdd5ec702bae10c700f87830b9d9c35fa128dc353125cd34ba1e37aa6443d4b058747bd7242bbdf5c7f6250fbc37551e39ef458cce8cac
- SSDEEP
  
  1536:YTC2Ce7xeNOleDZKUHM5IFHKhG29jOFNJq1rfIJa:Ye2DtgqA29QJqK
Score

10^/10

njrat hacked by hatim evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked by hatimevasionpersistencetrojan

behavioral2

njrathacked by hatimevasionpersistencetrojan