njrat | d70707c410c45a5bd357e1ad0a860ade0b75a8f5263f267e77ea32c7b618faae | Triage

Sharing

General

Target

d70707c410c45a5bd357e1ad0a860ade0b75a8f5263f267e77ea32c7b618faae
Size

320KB
Sample

221126-3cg25ace87
MD5

89c584ac90e9cc9e110def52b52ceeda
SHA1

a60ff918e0c7d018f7123f5078f5953e90aa3676
SHA256

d70707c410c45a5bd357e1ad0a860ade0b75a8f5263f267e77ea32c7b618faae
SHA512

49351b09793f8258894a7dc7d39c419bde1496ad344b725bf7c37e919d21be92960b3321bd443ebaefb29678aab1a16abcdbc6270554722623ded09742cda966
SSDEEP

6144:F5d1BiTJwZP7dXoZ9B8GJkVrdadjzFdPFD90j7ic2:F593pJXoL6aJzrkvc

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

an0ngh0st.duckdns.org:1604

Mutex

6f00dadd0f3ba7dfef6b18c479d6e358

Attributes

reg_key
6f00dadd0f3ba7dfef6b18c479d6e358
splitter
|'|'|

Targets

- Target
  
  d70707c410c45a5bd357e1ad0a860ade0b75a8f5263f267e77ea32c7b618faae
- Size
  
  320KB
- MD5
  
  89c584ac90e9cc9e110def52b52ceeda
- SHA1
  
  a60ff918e0c7d018f7123f5078f5953e90aa3676
- SHA256
  
  d70707c410c45a5bd357e1ad0a860ade0b75a8f5263f267e77ea32c7b618faae
- SHA512
  
  49351b09793f8258894a7dc7d39c419bde1496ad344b725bf7c37e919d21be92960b3321bd443ebaefb29678aab1a16abcdbc6270554722623ded09742cda966
- SSDEEP
  
  6144:F5d1BiTJwZP7dXoZ9B8GJkVrdadjzFdPFD90j7ic2:F593pJXoL6aJzrkvc
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan