njrat | 6126a6b258c310c99c68f19b325042fbe462619b3b0ddf25498b04f172fbc261 | Triage

Sharing

General

Target

6126a6b258c310c99c68f19b325042fbe462619b3b0ddf25498b04f172fbc261
Size

59KB
Sample

221125-jndpasfd8t
MD5

d2dff3b78b10e57635b077a4493381e0
SHA1

f7a40815fc6510532b28d6831ca71aeaf37bbd21
SHA256

6126a6b258c310c99c68f19b325042fbe462619b3b0ddf25498b04f172fbc261
SHA512

35b9ac3b5f047d3a07fb121af856222238f8e96c30797bc48d8c5a1aa242e136132410cce789ed468fe6fc199d104aace6d291b845f3a576bfb705bf1e5ac3bd
SSDEEP

768:OvVuwN4RSiKxVFZ8hk6GPXYrCNU+NUU3wbTXtP/9U4WI0:2VuwN4NKxVFNAmNbLgnXtXxW5

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  6126a6b258c310c99c68f19b325042fbe462619b3b0ddf25498b04f172fbc261
- Size
  
  59KB
- MD5
  
  d2dff3b78b10e57635b077a4493381e0
- SHA1
  
  f7a40815fc6510532b28d6831ca71aeaf37bbd21
- SHA256
  
  6126a6b258c310c99c68f19b325042fbe462619b3b0ddf25498b04f172fbc261
- SHA512
  
  35b9ac3b5f047d3a07fb121af856222238f8e96c30797bc48d8c5a1aa242e136132410cce789ed468fe6fc199d104aace6d291b845f3a576bfb705bf1e5ac3bd
- SSDEEP
  
  768:OvVuwN4RSiKxVFZ8hk6GPXYrCNU+NUU3wbTXtP/9U4WI0:2VuwN4NKxVFNAmNbLgnXtXxW5
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan