njrat | 2c3aba28dd226f7a429379dcde769bd7d80f27608da1da53ce5c71e4a2b7db7a | Triage

Sharing

General

Target

2c3aba28dd226f7a429379dcde769bd7d80f27608da1da53ce5c71e4a2b7db7a
Size

256KB
Sample

221126-akk5jaha62
MD5

a1063dfcb0fa9b60444d487bd0b99c41
SHA1

e026766de06cde67ae5f2340f0adf55075705d1e
SHA256

2c3aba28dd226f7a429379dcde769bd7d80f27608da1da53ce5c71e4a2b7db7a
SHA512

d0edb45fac2a3362ede118f232ba091eef65f49019e7045a04299912c2332c3b36adc03d0a5c0e1430a25b2fc56988bd7cd879f6ebd597d1ecf5ff58f612dd97
SSDEEP

6144:FPqjOgYeDhxncphQ2Amb/P3JTQYKeobc5AKx:UlYQhxnKSoqDKx

Score

10^/10

njrat hacked by solo evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed by solo

C2

soport-587.zapto.org:1177

Mutex

f37bb6f8d08374d7119032823a62e813

Attributes

reg_key
f37bb6f8d08374d7119032823a62e813
splitter
|'|'|

Targets

- Target
  
  2c3aba28dd226f7a429379dcde769bd7d80f27608da1da53ce5c71e4a2b7db7a
- Size
  
  256KB
- MD5
  
  a1063dfcb0fa9b60444d487bd0b99c41
- SHA1
  
  e026766de06cde67ae5f2340f0adf55075705d1e
- SHA256
  
  2c3aba28dd226f7a429379dcde769bd7d80f27608da1da53ce5c71e4a2b7db7a
- SHA512
  
  d0edb45fac2a3362ede118f232ba091eef65f49019e7045a04299912c2332c3b36adc03d0a5c0e1430a25b2fc56988bd7cd879f6ebd597d1ecf5ff58f612dd97
- SSDEEP
  
  6144:FPqjOgYeDhxncphQ2Amb/P3JTQYKeobc5AKx:UlYQhxnKSoqDKx
Score

10^/10

njrat hacked by solo evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked by solo evasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan