njrat | db2c557a428446fc053005075800d6107eb3664eecb95ce393e5b5ea511ee647 | Triage

Sharing

General

Target

db2c557a428446fc053005075800d6107eb3664eecb95ce393e5b5ea511ee647
Size

401KB
Sample

221126-kg3khshh7x
MD5

60632a21bdc4e01d73832e6e80ddbf7b
SHA1

4f5872f2e00662c129b0b7e541cd78862db3461c
SHA256

db2c557a428446fc053005075800d6107eb3664eecb95ce393e5b5ea511ee647
SHA512

a97ecd3ddd0243cd023ec56c816c0adf11cb85a2aded0c3201a19117726808ec667af0d06ef51c629c6e5867e6ba7567e3fda80c3016bc6ac13a77ec1d49c732
SSDEEP

3072:kx4ITM48SDZSBreHTNVujO/JVUSO2tmmXVhF26:4MFBqHTNEjO/JqC2

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  db2c557a428446fc053005075800d6107eb3664eecb95ce393e5b5ea511ee647
- Size
  
  401KB
- MD5
  
  60632a21bdc4e01d73832e6e80ddbf7b
- SHA1
  
  4f5872f2e00662c129b0b7e541cd78862db3461c
- SHA256
  
  db2c557a428446fc053005075800d6107eb3664eecb95ce393e5b5ea511ee647
- SHA512
  
  a97ecd3ddd0243cd023ec56c816c0adf11cb85a2aded0c3201a19117726808ec667af0d06ef51c629c6e5867e6ba7567e3fda80c3016bc6ac13a77ec1d49c732
- SSDEEP
  
  3072:kx4ITM48SDZSBreHTNVujO/JVUSO2tmmXVhF26:4MFBqHTNEjO/JqC2
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan