njrat | 57f548a6fe2ba7f9920d754442796d2859d52bfa01ce7bba903f403ca5340999 | Triage

Sharing

General

Target

57f548a6fe2ba7f9920d754442796d2859d52bfa01ce7bba903f403ca5340999
Size

30KB
Sample

221127-gfh8psdb99
MD5

ab89f168dcff025b5c0220cb508060d1
SHA1

6db122e9bfdcd6efa1ae0ca5b82e4e7f9be567e0
SHA256

57f548a6fe2ba7f9920d754442796d2859d52bfa01ce7bba903f403ca5340999
SHA512

6d3939fccc0ff41404416fbbc1972b1b2bdd51a60f11f810da57bec1d8781ccf714b9770b3a2b51139903119666355f980261e6dd60a8eb775a8a9719801d8c7
SSDEEP

384:wAx0nuJ3wZ9x7rHt6/iLVMVpUGAHT6Pq2XFg82G5Fk4tZS0QL5PyN:wfnuxIjz6VpUGAHT6PTuXAtLK

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  57f548a6fe2ba7f9920d754442796d2859d52bfa01ce7bba903f403ca5340999
- Size
  
  30KB
- MD5
  
  ab89f168dcff025b5c0220cb508060d1
- SHA1
  
  6db122e9bfdcd6efa1ae0ca5b82e4e7f9be567e0
- SHA256
  
  57f548a6fe2ba7f9920d754442796d2859d52bfa01ce7bba903f403ca5340999
- SHA512
  
  6d3939fccc0ff41404416fbbc1972b1b2bdd51a60f11f810da57bec1d8781ccf714b9770b3a2b51139903119666355f980261e6dd60a8eb775a8a9719801d8c7
- SSDEEP
  
  384:wAx0nuJ3wZ9x7rHt6/iLVMVpUGAHT6Pq2XFg82G5Fk4tZS0QL5PyN:wfnuxIjz6VpUGAHT6PTuXAtLK
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan