njrat | 3d74997f9d6119c548ece090039064ff0d0f068a25a917ba5932e2eee912b5a1 | Triage

Sharing

General

Target

3d74997f9d6119c548ece090039064ff0d0f068a25a917ba5932e2eee912b5a1
Size

188KB
Sample

221127-tqyglaee9t
MD5

77d9730ba438cb29ff4a8babb744ab74
SHA1

457ed2d1c824a04703c00b81c2e24777ef7f1afa
SHA256

3d74997f9d6119c548ece090039064ff0d0f068a25a917ba5932e2eee912b5a1
SHA512

27f43d7b2db78642f277dcd3cbf399e7c4d444b8a039a4a58b4bf90cff37f50c3c3288dfc5b8cfcf320d910b9c59b7c20a147ad8bf76585d3ea0e20eb3f5b908
SSDEEP

3072:BNySWs/68TCNOaLHjc56c29oHJ7riVkjLnkvOX7NK5/vCQge8iJhNz7jiR7vVK/v:PRWqONbPc29Y3zNC/6Qgop47w/8yq2

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

immoniter.mooo.com:9103

Mutex

d90aa8b54f241f86a0f9287800ba7533

Attributes

reg_key
d90aa8b54f241f86a0f9287800ba7533
splitter
|'|'|

Targets

- Target
  
  3d74997f9d6119c548ece090039064ff0d0f068a25a917ba5932e2eee912b5a1
- Size
  
  188KB
- MD5
  
  77d9730ba438cb29ff4a8babb744ab74
- SHA1
  
  457ed2d1c824a04703c00b81c2e24777ef7f1afa
- SHA256
  
  3d74997f9d6119c548ece090039064ff0d0f068a25a917ba5932e2eee912b5a1
- SHA512
  
  27f43d7b2db78642f277dcd3cbf399e7c4d444b8a039a4a58b4bf90cff37f50c3c3288dfc5b8cfcf320d910b9c59b7c20a147ad8bf76585d3ea0e20eb3f5b908
- SSDEEP
  
  3072:BNySWs/68TCNOaLHjc56c29oHJ7riVkjLnkvOX7NK5/vCQge8iJhNz7jiR7vVK/v:PRWqONbPc29Y3zNC/6Qgop47w/8yq2
Score

10^/10

njrat hacked evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan