njrat | 73201bc7d4c2655b32f4ec836c9d74eb88893dc77ff4caa19a7fd1367eb58e8c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73201bc7d4c2655b32f4ec836c9d74eb88893dc77ff4caa19a7fd1367eb58e8c
Size

1.2MB
Sample

221127-gzrzysed86
MD5

10f3fd8d0f80ed5cd4a102c59a035755
SHA1

4f9d2a4c3736f1abfc4ebf33aee709f2373b10a6
SHA256

73201bc7d4c2655b32f4ec836c9d74eb88893dc77ff4caa19a7fd1367eb58e8c
SHA512

973a5047ee489369541aabc115d9cb0de094d943216a493b3e4cf1ca0caec245381edee7c81293b1cd5ac446f1c10186d327ee3d67ee76954ce1b47121a52be7
SSDEEP

3072:KOz3VqDGCIOvGqdJvWHibLQSN2YUHwHfzT/4lWDTu+GL8ST4bVLAtOgO4i:d4P

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  73201bc7d4c2655b32f4ec836c9d74eb88893dc77ff4caa19a7fd1367eb58e8c
- Size
  
  1.2MB
- MD5
  
  10f3fd8d0f80ed5cd4a102c59a035755
- SHA1
  
  4f9d2a4c3736f1abfc4ebf33aee709f2373b10a6
- SHA256
  
  73201bc7d4c2655b32f4ec836c9d74eb88893dc77ff4caa19a7fd1367eb58e8c
- SHA512
  
  973a5047ee489369541aabc115d9cb0de094d943216a493b3e4cf1ca0caec245381edee7c81293b1cd5ac446f1c10186d327ee3d67ee76954ce1b47121a52be7
- SSDEEP
  
  3072:KOz3VqDGCIOvGqdJvWHibLQSN2YUHwHfzT/4lWDTu+GL8ST4bVLAtOgO4i:d4P
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan