njrat | 753061b696cf1a88a29ef2faf43753547f12563bea7210351205b7f9dc032686 | Triage

Sharing

General

Target

753061b696cf1a88a29ef2faf43753547f12563bea7210351205b7f9dc032686
Size

119KB
Sample

221125-jhf78sbe52
MD5

e1c86402102193d7513f774e10183316
SHA1

a83ed3d982bb03e69e1401077f452b4ea2356f49
SHA256

753061b696cf1a88a29ef2faf43753547f12563bea7210351205b7f9dc032686
SHA512

aec3d96c7fbebb87cfac84b8a419bae7333c1a71b6642d9011e04dc0e615015a57c2e6d0504f1ed9cf9b686e7bcb58cc1b72d718178797ba00c418b427409ebc
SSDEEP

3072:RuJmRt+O9qCDYuGJixWjNmBGlF36+T/c/:PRUCjFfG3hc

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  753061b696cf1a88a29ef2faf43753547f12563bea7210351205b7f9dc032686
- Size
  
  119KB
- MD5
  
  e1c86402102193d7513f774e10183316
- SHA1
  
  a83ed3d982bb03e69e1401077f452b4ea2356f49
- SHA256
  
  753061b696cf1a88a29ef2faf43753547f12563bea7210351205b7f9dc032686
- SHA512
  
  aec3d96c7fbebb87cfac84b8a419bae7333c1a71b6642d9011e04dc0e615015a57c2e6d0504f1ed9cf9b686e7bcb58cc1b72d718178797ba00c418b427409ebc
- SSDEEP
  
  3072:RuJmRt+O9qCDYuGJixWjNmBGlF36+T/c/:PRUCjFfG3hc
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan