njrat | 5311007a8d4e7b034dbe652619428aefe33bef614cc385d2d4f74f3b7c8cfe88 | Triage

Sharing

General

Target

5311007a8d4e7b034dbe652619428aefe33bef614cc385d2d4f74f3b7c8cfe88
Size

649KB
Sample

221126-217r1sfb7s
MD5

fd77bce75d75a3587ed36155da6888e0
SHA1

b58ad2e1cf5bca700c5ed198acbb197335f3a3fa
SHA256

5311007a8d4e7b034dbe652619428aefe33bef614cc385d2d4f74f3b7c8cfe88
SHA512

ca212402d0e133ca518e5d82a4375f37d2105eb2c234be0b6d571f784c86b597508626cde919c7814d343df717b5af36a4aec79a0e8b5a85420858ce63970a5e
SSDEEP

12288:aJLBZE2PUOGzNmAF6699D52yjS6EGdyafJaSIMPzkqdtRbKdE1J:yLfE2PUOk6U55PS67fcsPR/dz1J

Score

10^/10

njrat hacked by jamal evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed By Jamal

C2

mokla.no-ip.biz:1177

Mutex

19e3e31e995d880c12ab2c426a9773dd

Attributes

reg_key
19e3e31e995d880c12ab2c426a9773dd
splitter
|'|'|

Targets

- Target
  
  5311007a8d4e7b034dbe652619428aefe33bef614cc385d2d4f74f3b7c8cfe88
- Size
  
  649KB
- MD5
  
  fd77bce75d75a3587ed36155da6888e0
- SHA1
  
  b58ad2e1cf5bca700c5ed198acbb197335f3a3fa
- SHA256
  
  5311007a8d4e7b034dbe652619428aefe33bef614cc385d2d4f74f3b7c8cfe88
- SHA512
  
  ca212402d0e133ca518e5d82a4375f37d2105eb2c234be0b6d571f784c86b597508626cde919c7814d343df717b5af36a4aec79a0e8b5a85420858ce63970a5e
- SSDEEP
  
  12288:aJLBZE2PUOGzNmAF6699D52yjS6EGdyafJaSIMPzkqdtRbKdE1J:yLfE2PUOk6U55PS67fcsPR/dz1J
Score

10^/10

njrat hacked by jamal evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked by jamalevasionpersistencetrojan

behavioral2

njrathacked by jamalevasionpersistencetrojan