njrat | 14e7527286628b9a3db838dcb20e96a56f5d9bedbe38b6b06fc3caf7b2ea3eb6 | Triage

Sharing

General

Target

14e7527286628b9a3db838dcb20e96a56f5d9bedbe38b6b06fc3caf7b2ea3eb6
Size

10KB
Sample

221126-vgpc1ahh98
MD5

37902d644ff9f4a8e0941d0a2099a7fc
SHA1

ec902a42d2030ab17d273bc8369d8e2eaee84ebb
SHA256

14e7527286628b9a3db838dcb20e96a56f5d9bedbe38b6b06fc3caf7b2ea3eb6
SHA512

aae032538ebc0ff8c0b9265f818e0f73db23863f5c4b43acb9a363317b191830e76eff7ce65199d8690092b68025f4aa0597647a4a78c3ef58e8cbd0292ddabd
SSDEEP

192:p26qcDE3ddJ7z593GqsR1IzMrzF5DGcSkQ70mM3NT/gTTAtABglRvKmY:U6qckddBLkR+zMvGOFdbgsA6RvKmY

Score

10^/10

njrat dofus evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

dofus

C2

volkov2014.ddns.net:123

Mutex

3634b8c969047b1aa244e63e9c21a96a

Attributes

reg_key
3634b8c969047b1aa244e63e9c21a96a
splitter
|'|'|

Targets

- Target
  
  onling.exe
- Size
  
  23KB
- MD5
  
  e49ba092469c2d5813bdf3259050f977
- SHA1
  
  1d65cb5388cfc4ae2f91531e8dcb3b1caa598076
- SHA256
  
  8eb3eb1266c7ec59095e1391ec473eda426303e773ff4f595d9a5e2affb37d3a
- SHA512
  
  5463a3704d9339db4a2c7fe2d77000eb1c37a35ecb8fcca2ce89fede49e7390af93a00c306c177bb76cbe4d06ab212009605d38e3f8cc3546eb3057220b81a14
- SSDEEP
  
  384:4+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZNc:nm+71d5XRpcnu5
Score

10^/10

njrat dofus evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratdofusevasionpersistencetrojan

behavioral2

njratdofusevasionpersistencetrojan