modiloader | 2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9 | Triage

Sharing

General

Target

2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9
Size

2.5MB
Sample

221126-r6b77abf32
MD5

faa0e44518d5f3aa9f72015e49291bc8
SHA1

ddc71817abc5d6ddfa3377e28e7cd1e87cdc0902
SHA256

2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9
SHA512

a594a4108fb16310310c56cb6bba665a75086aaec2aef2f45b709aefba0304807d0e73a705edf13ae68a8a4fdc79ce7473ac2f94b86f0be0c30d8f3566f3bf2b
SSDEEP

49152:RN/JfNa7cQSmfn186ys9bUqDprVmGRTn:RZJfNa7cQSmfdprlRTn

Score

10^/10

modiloader njrat ضحايا علي سلام evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ضحايا علي سلام

C2

127.0.0.1:5533

Mutex

2b04263860ba57bc8c7050f703146a3a

Attributes

reg_key
2b04263860ba57bc8c7050f703146a3a
splitter
|'|'|

Targets

- Target
  
  2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9
- Size
  
  2.5MB
- MD5
  
  faa0e44518d5f3aa9f72015e49291bc8
- SHA1
  
  ddc71817abc5d6ddfa3377e28e7cd1e87cdc0902
- SHA256
  
  2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9
- SHA512
  
  a594a4108fb16310310c56cb6bba665a75086aaec2aef2f45b709aefba0304807d0e73a705edf13ae68a8a4fdc79ce7473ac2f94b86f0be0c30d8f3566f3bf2b
- SSDEEP
  
  49152:RN/JfNa7cQSmfn186ys9bUqDprVmGRTn:RZJfNa7cQSmfdprlRTn
Score

10^/10

njrat ضحايا علي سلام evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratضحايا علي سلامevasionpersistencetrojan

behavioral2