njrat | 58948898805076345eb046014a3c10649156088a1529d325220217afc752b077 | Triage

Sharing

General

Target

58948898805076345eb046014a3c10649156088a1529d325220217afc752b077
Size

1.9MB
Sample

221125-k9ts3sbb5y
MD5

38ea6558716e1b9a30a34436921f3d75
SHA1

ad17715a31b524a1c215bd4c8399e24123f30d16
SHA256

58948898805076345eb046014a3c10649156088a1529d325220217afc752b077
SHA512

9537c6972021a47296fc7150fb5babe538cb11f5d3a7c6d4955f402c2ef57a971e93d00847519f1599387e91adf62bfcceac5e90e19fef4c56ab781cae84d650
SSDEEP

12288:Vb6e32OKSj+TMb6GOCAUzltY8OMcHdDDbtb0r1KKUCUgxV3378For7OlBgRlvj9L:YtT/OH65WxYFZExj9//k//Ic

Score

10^/10

njrat haked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

haked

C2

kazimalia100.ddns.net:5552

Mutex

dffedddd32431063c53a5e694a9739a2

Attributes

reg_key
dffedddd32431063c53a5e694a9739a2
splitter
|'|'|

Targets

- Target
  
  58948898805076345eb046014a3c10649156088a1529d325220217afc752b077
- Size
  
  1.9MB
- MD5
  
  38ea6558716e1b9a30a34436921f3d75
- SHA1
  
  ad17715a31b524a1c215bd4c8399e24123f30d16
- SHA256
  
  58948898805076345eb046014a3c10649156088a1529d325220217afc752b077
- SHA512
  
  9537c6972021a47296fc7150fb5babe538cb11f5d3a7c6d4955f402c2ef57a971e93d00847519f1599387e91adf62bfcceac5e90e19fef4c56ab781cae84d650
- SSDEEP
  
  12288:Vb6e32OKSj+TMb6GOCAUzltY8OMcHdDDbtb0r1KKUCUgxV3378For7OlBgRlvj9L:YtT/OH65WxYFZExj9//k//Ic
Score

10^/10

njrat haked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathakedevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan