njrat | afef4ac4600d7a1818d247de889d68ac7651d2ad842854d0726b50ba15f61bce | Triage

Sharing

General

Target

afef4ac4600d7a1818d247de889d68ac7651d2ad842854d0726b50ba15f61bce
Size

279KB
Sample

221127-rlf1msha2y
MD5

d3ece560d7a18b6c0d948a6c6302ec4f
SHA1

acf5e9b9e5093091fc726745bd8ff089a3040934
SHA256

afef4ac4600d7a1818d247de889d68ac7651d2ad842854d0726b50ba15f61bce
SHA512

e23eccb408c71b1abb574968ae21a2a8dbeb7857c95b0efcbe5acd68a077deb454be9a30915ba1a1ef668e17c4e39a792b57fbbec748bd23392f64d4dab7e58e
SSDEEP

6144:x1dlZro5yiyA4AvxE+faCHPJKUuM5NbRtELCe:x1dlZo5yiytAvpPJK4zwLD

Score

10^/10

njrat system evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

System

C2

matrix123.ddns.net:2222

Mutex

93f19dda2412c86ad7520ba4198f39a0

Attributes

reg_key
93f19dda2412c86ad7520ba4198f39a0
splitter
|'|'|

Targets

- Target
  
  afef4ac4600d7a1818d247de889d68ac7651d2ad842854d0726b50ba15f61bce
- Size
  
  279KB
- MD5
  
  d3ece560d7a18b6c0d948a6c6302ec4f
- SHA1
  
  acf5e9b9e5093091fc726745bd8ff089a3040934
- SHA256
  
  afef4ac4600d7a1818d247de889d68ac7651d2ad842854d0726b50ba15f61bce
- SHA512
  
  e23eccb408c71b1abb574968ae21a2a8dbeb7857c95b0efcbe5acd68a077deb454be9a30915ba1a1ef668e17c4e39a792b57fbbec748bd23392f64d4dab7e58e
- SSDEEP
  
  6144:x1dlZro5yiyA4AvxE+faCHPJKUuM5NbRtELCe:x1dlZo5yiytAvpPJK4zwLD
Score

10^/10

njrat system evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratsystemevasiontrojan

behavioral2