njrat | d9d60842f711185749339f0fab952a56ee4af7c471f5256c1d76f3a6b1de9cdf | Triage

Sharing

General

Target

d9d60842f711185749339f0fab952a56ee4af7c471f5256c1d76f3a6b1de9cdf
Size

28KB
Sample

221127-abxrzaee25
MD5

08277ffd0604662786bcab74fadb9f58
SHA1

65293437403509b08e9f83f1aa40e62540d35948
SHA256

d9d60842f711185749339f0fab952a56ee4af7c471f5256c1d76f3a6b1de9cdf
SHA512

0d4195f31465083ac69e07633eb183d46c4c10625f176e913ef13b315711f116160c5573f7e67da8731f5505cfe7651e026e2a7541be164644443d0b658673b2
SSDEEP

768:OqbOQqUkKytQPMKDzdkL0OzU0LMqCbQ0e:ka9DeLRelbQ0

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  d9d60842f711185749339f0fab952a56ee4af7c471f5256c1d76f3a6b1de9cdf
- Size
  
  28KB
- MD5
  
  08277ffd0604662786bcab74fadb9f58
- SHA1
  
  65293437403509b08e9f83f1aa40e62540d35948
- SHA256
  
  d9d60842f711185749339f0fab952a56ee4af7c471f5256c1d76f3a6b1de9cdf
- SHA512
  
  0d4195f31465083ac69e07633eb183d46c4c10625f176e913ef13b315711f116160c5573f7e67da8731f5505cfe7651e026e2a7541be164644443d0b658673b2
- SSDEEP
  
  768:OqbOQqUkKytQPMKDzdkL0OzU0LMqCbQ0e:ka9DeLRelbQ0
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan