njrat | 02129f72f331ff32999b3434e0fa84c98786dab5240370efa04b7c0f011d40da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02129f72f331ff32999b3434e0fa84c98786dab5240370efa04b7c0f011d40da
Size

29KB
Sample

221126-aten4shf69
MD5

6baaa9ca95e971f82580b4a510039a5f
SHA1

3928602fe0a7957b9ceba78395c80316c2806f9f
SHA256

02129f72f331ff32999b3434e0fa84c98786dab5240370efa04b7c0f011d40da
SHA512

1a27e455214faf70c71838c7c2ee4b9e7a93afe57a04db96e3d9d207ca7dc548cce5cc31298723b66ea4c810fdd6930b0820a665a169e73a9cbeae3e4411ef74
SSDEEP

384:46FLvll7jBFoYoKTZl15nRTGumqDAt3eI6GBsbh0w4wlAokw9OhgOL1vYRGOZzDg:B73oYosFnTAqM3eoBKh0p29SgRLW7

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

127.0.0.1:1286

Mutex

9a7a22109d76f01e532be01c0b9f7a61

Attributes

reg_key
9a7a22109d76f01e532be01c0b9f7a61
splitter
|'|'|

Targets

- Target
  
  02129f72f331ff32999b3434e0fa84c98786dab5240370efa04b7c0f011d40da
- Size
  
  29KB
- MD5
  
  6baaa9ca95e971f82580b4a510039a5f
- SHA1
  
  3928602fe0a7957b9ceba78395c80316c2806f9f
- SHA256
  
  02129f72f331ff32999b3434e0fa84c98786dab5240370efa04b7c0f011d40da
- SHA512
  
  1a27e455214faf70c71838c7c2ee4b9e7a93afe57a04db96e3d9d207ca7dc548cce5cc31298723b66ea4c810fdd6930b0820a665a169e73a9cbeae3e4411ef74
- SSDEEP
  
  384:46FLvll7jBFoYoKTZl15nRTGumqDAt3eI6GBsbh0w4wlAokw9OhgOL1vYRGOZzDg:B73oYosFnTAqM3eoBKh0p29SgRLW7
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan