njrat | d1742aefc94c12b6a3b54abc9536d7876d61809e0275d4e3a977571de4a3b5ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1742aefc94c12b6a3b54abc9536d7876d61809e0275d4e3a977571de4a3b5ba
Size

29KB
Sample

221125-zr8xlshe3x
MD5

f1bc51554d061e253ee70be76d5257c7
SHA1

f21ed970c458f71476566b64acfa9939d8bad6f4
SHA256

d1742aefc94c12b6a3b54abc9536d7876d61809e0275d4e3a977571de4a3b5ba
SHA512

67d2542f34fb81d2eaa490d625542f8ed3aa74e5f2acbf0a1fddf4e8d6a0734fb9f3f1f78f7a87ef456d47125db9113b1e839b7e02788edf92da7ba899c83074
SSDEEP

384:bhQXpl7dzns8oDw/LRP55/4GWmqDSeXegLGBsbh0w4wlAokw9OhgOL1vYRGOZzZ1:bE7Js8oDSJz4wqZXenBKh0p29SgRec

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

lovesafa.no-ip.biz:1177

Mutex

e79d569ba77562f0d4316e586835f0a2

Attributes

reg_key
e79d569ba77562f0d4316e586835f0a2
splitter
|'|'|

Targets

- Target
  
  d1742aefc94c12b6a3b54abc9536d7876d61809e0275d4e3a977571de4a3b5ba
- Size
  
  29KB
- MD5
  
  f1bc51554d061e253ee70be76d5257c7
- SHA1
  
  f21ed970c458f71476566b64acfa9939d8bad6f4
- SHA256
  
  d1742aefc94c12b6a3b54abc9536d7876d61809e0275d4e3a977571de4a3b5ba
- SHA512
  
  67d2542f34fb81d2eaa490d625542f8ed3aa74e5f2acbf0a1fddf4e8d6a0734fb9f3f1f78f7a87ef456d47125db9113b1e839b7e02788edf92da7ba899c83074
- SSDEEP
  
  384:bhQXpl7dzns8oDw/LRP55/4GWmqDSeXegLGBsbh0w4wlAokw9OhgOL1vYRGOZzZ1:bE7Js8oDSJz4wqZXenBKh0p29SgRec
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan