njrat | 44301d3588d08c7b1260355d02037e0becffe7634c991937498f3a7314534af2 | Triage

Sharing

General

Target

44301d3588d08c7b1260355d02037e0becffe7634c991937498f3a7314534af2
Size

373KB
Sample

221127-tnl1saag68
MD5

c819c2f4182ab01c19557f8538a3c567
SHA1

10738a67ca9adf1ccee077e982b9fa8c24490f5b
SHA256

44301d3588d08c7b1260355d02037e0becffe7634c991937498f3a7314534af2
SHA512

c08f9187b2adb60175ad66d7689a5680862ec172273768955692c1d24b89ffe9e150db57513c6efccdc6c7190d5aa726a00c9da766a2b8d8b171c79afc975f5d
SSDEEP

6144:IcC5kJrhU/08Q0T0KpcR5yms0mLUePyNtvRaU4QOrPbyQYU22ROORcrvYP:IR5kJrKs0ThGR5fsJvPyLgUdGPbzYMW0

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  44301d3588d08c7b1260355d02037e0becffe7634c991937498f3a7314534af2
- Size
  
  373KB
- MD5
  
  c819c2f4182ab01c19557f8538a3c567
- SHA1
  
  10738a67ca9adf1ccee077e982b9fa8c24490f5b
- SHA256
  
  44301d3588d08c7b1260355d02037e0becffe7634c991937498f3a7314534af2
- SHA512
  
  c08f9187b2adb60175ad66d7689a5680862ec172273768955692c1d24b89ffe9e150db57513c6efccdc6c7190d5aa726a00c9da766a2b8d8b171c79afc975f5d
- SSDEEP
  
  6144:IcC5kJrhU/08Q0T0KpcR5yms0mLUePyNtvRaU4QOrPbyQYU22ROORcrvYP:IR5kJrKs0ThGR5fsJvPyLgUdGPbzYMW0
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan