njrat | f02c84e2280759e7a2a5e707582611e1ea7b28597ebdfc39b0cb23363d00b09e | Triage

Sharing

General

Target

f02c84e2280759e7a2a5e707582611e1ea7b28597ebdfc39b0cb23363d00b09e
Size

23KB
Sample

221126-kmclaaab5w
MD5

20919f85bf91c4683bd92871ecb89d2e
SHA1

f03ca16c1e9cc3ee54ae874d05e3c69d36e978f3
SHA256

f02c84e2280759e7a2a5e707582611e1ea7b28597ebdfc39b0cb23363d00b09e
SHA512

bd167942f2a05a5ff8985ed3ae09723982ba60457e75cd8309bca6b9a736836baf3ed36378bebd1ced36988e1809334aa2c86b057bf10a8f6ec7dc953223d0dc
SSDEEP

384:bluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZlkU:kOmhtIiRpcnuo

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

ms-punisher.no.-ip.org:5552

Mutex

b891e7c3d69da1f506442cc213b2a72b

Attributes

reg_key
b891e7c3d69da1f506442cc213b2a72b
splitter
|'|'|

Targets

- Target
  
  f02c84e2280759e7a2a5e707582611e1ea7b28597ebdfc39b0cb23363d00b09e
- Size
  
  23KB
- MD5
  
  20919f85bf91c4683bd92871ecb89d2e
- SHA1
  
  f03ca16c1e9cc3ee54ae874d05e3c69d36e978f3
- SHA256
  
  f02c84e2280759e7a2a5e707582611e1ea7b28597ebdfc39b0cb23363d00b09e
- SHA512
  
  bd167942f2a05a5ff8985ed3ae09723982ba60457e75cd8309bca6b9a736836baf3ed36378bebd1ced36988e1809334aa2c86b057bf10a8f6ec7dc953223d0dc
- SSDEEP
  
  384:bluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZlkU:kOmhtIiRpcnuo
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan