njrat | f5c98664c8edee079c19b854622493cd3ce7bb89904986c339e378a045b9fbe8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5c98664c8edee079c19b854622493cd3ce7bb89904986c339e378a045b9fbe8
Size

439KB
Sample

221127-mz1jzsbf59
MD5

53f7914b4ad0114be2205b5f2feff8b3
SHA1

b66b6323b8cebd89ff5db2698ebeb76bbafaf4c6
SHA256

f5c98664c8edee079c19b854622493cd3ce7bb89904986c339e378a045b9fbe8
SHA512

b50d9f85a7ea3939bbae5424c1558784a032ccceee8f58c3a7f0d65da1d634e171b200499006ed6ae4f3ec1218a223b01c7be2b165a3e79aa345b9d45319ae21
SSDEEP

6144:KOraF0ipFssZt57/yd3tFnruc/wInL5OZpKYSfRdZYO/5RfKKC70T:nulXxveddp3nL5fp3ZpLVC7

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

motaga8.no-ip.biz:1177

Mutex

ecc7c8c51c0850c1ec247c7fd3602f20

Attributes

reg_key
ecc7c8c51c0850c1ec247c7fd3602f20
splitter
|'|'|

Targets

- Target
  
  f5c98664c8edee079c19b854622493cd3ce7bb89904986c339e378a045b9fbe8
- Size
  
  439KB
- MD5
  
  53f7914b4ad0114be2205b5f2feff8b3
- SHA1
  
  b66b6323b8cebd89ff5db2698ebeb76bbafaf4c6
- SHA256
  
  f5c98664c8edee079c19b854622493cd3ce7bb89904986c339e378a045b9fbe8
- SHA512
  
  b50d9f85a7ea3939bbae5424c1558784a032ccceee8f58c3a7f0d65da1d634e171b200499006ed6ae4f3ec1218a223b01c7be2b165a3e79aa345b9d45319ae21
- SSDEEP
  
  6144:KOraF0ipFssZt57/yd3tFnruc/wInL5OZpKYSfRdZYO/5RfKKC70T:nulXxveddp3nL5fp3ZpLVC7
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan