njrat | 1c1e6128738f90d0a77248880efd9bc9b9255d5a5625b05fe609ced943de900a | Triage

Sharing

General

Target

1c1e6128738f90d0a77248880efd9bc9b9255d5a5625b05fe609ced943de900a
Size

641KB
Sample

221126-21lvjsfb3z
MD5

0f90df5bc5729687c185b625c884173a
SHA1

5c313bd0d43e9fc04de3be43546bf598a741c86b
SHA256

1c1e6128738f90d0a77248880efd9bc9b9255d5a5625b05fe609ced943de900a
SHA512

012a1d3160cac0f076d2ca00ba0a01f6e6d99f42e184cc3dfd5f5366d44642cb1fe0995bf7311f0428cad472df58544fd89265ff0865cbdca2117f0c015eeaa6
SSDEEP

6144:zYQT9dfbLIqMIgGkQ5wwa4RoqQtvlsOk0pM/SbURs4joY5iyk4AAoOQATLo:Ecdfbsq7bip4RdSSEF4Dib4z

Score

10^/10

njrat hacked by mohamed hany evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed By Mohamed Hany

C2

bondok12.no-ip.biz:1177

Mutex

ccaba534c83a00018d8c7c4e6116f22c

Attributes

reg_key
ccaba534c83a00018d8c7c4e6116f22c
splitter
|'|'|

Targets

- Target
  
  1c1e6128738f90d0a77248880efd9bc9b9255d5a5625b05fe609ced943de900a
- Size
  
  641KB
- MD5
  
  0f90df5bc5729687c185b625c884173a
- SHA1
  
  5c313bd0d43e9fc04de3be43546bf598a741c86b
- SHA256
  
  1c1e6128738f90d0a77248880efd9bc9b9255d5a5625b05fe609ced943de900a
- SHA512
  
  012a1d3160cac0f076d2ca00ba0a01f6e6d99f42e184cc3dfd5f5366d44642cb1fe0995bf7311f0428cad472df58544fd89265ff0865cbdca2117f0c015eeaa6
- SSDEEP
  
  6144:zYQT9dfbLIqMIgGkQ5wwa4RoqQtvlsOk0pM/SbURs4joY5iyk4AAoOQATLo:Ecdfbsq7bip4RdSSEF4Dib4z
Score

10^/10

njrat hacked by mohamed hany evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked by mohamed hanyevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan