njrat | 9273db8f77a2e9efbc7af98c5b45489d466ffc3003b4a2412f71196f06168dbb | Triage

Sharing

General

Target

9273db8f77a2e9efbc7af98c5b45489d466ffc3003b4a2412f71196f06168dbb
Size

816KB
Sample

221126-3dxh7scf86
MD5

c7e0ea419d706b17c546f2165616db01
SHA1

ea2f53f39b43844e356fca1e07594603a2634fcd
SHA256

9273db8f77a2e9efbc7af98c5b45489d466ffc3003b4a2412f71196f06168dbb
SHA512

b013abb1e117788f9191731ab6eeec202e8bcc4e36188ac5eab2217d51b3eb3ebf4bd95a8a12aea154ce0f6e325f9c78be93b936106e6d7d2cc41d8c2146d15c
SSDEEP

24576:Qp9M/ULsy3KihysUYYYYYYYYYYYRYYYYYYYYYYv:7/qsL0yvYYYYYYYYYYYRYYYYYYYYYYv

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  9273db8f77a2e9efbc7af98c5b45489d466ffc3003b4a2412f71196f06168dbb
- Size
  
  816KB
- MD5
  
  c7e0ea419d706b17c546f2165616db01
- SHA1
  
  ea2f53f39b43844e356fca1e07594603a2634fcd
- SHA256
  
  9273db8f77a2e9efbc7af98c5b45489d466ffc3003b4a2412f71196f06168dbb
- SHA512
  
  b013abb1e117788f9191731ab6eeec202e8bcc4e36188ac5eab2217d51b3eb3ebf4bd95a8a12aea154ce0f6e325f9c78be93b936106e6d7d2cc41d8c2146d15c
- SSDEEP
  
  24576:Qp9M/ULsy3KihysUYYYYYYYYYYYRYYYYYYYYYYv:7/qsL0yvYYYYYYYYYYYRYYYYYYYYYYv
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan