njrat | befa40d5a837618e0690f421b32d50a1441e803af7fb24c9992ef692718add80 | Triage

Sharing

General

Target

befa40d5a837618e0690f421b32d50a1441e803af7fb24c9992ef692718add80
Size

650KB
Sample

221127-vk2gqsdd94
MD5

4c7241be67b3b61abc741a4cfd686cd1
SHA1

67e9fd1fcadd17b6ce0d319a92f824ec77695d52
SHA256

befa40d5a837618e0690f421b32d50a1441e803af7fb24c9992ef692718add80
SHA512

d7350f09b89c5b370aade03ab637a9f2dd9ed0b1f259117c92f5a0c2f90ac5c3d304e8f1667010b22f67f9c1a5cd37c6a32886d726eda6e8e67e3ffa67a1ed82
SSDEEP

12288:F+9N5QN6ZygHho68GOnG1KI4aCLesgHqARN42PHpQnYMV4RmX0:y6NxgiGOnG1KIcpW6sJwB4oX0

Score

10^/10

njrat test1 trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

test1

C2

souhail12.no-ip.biz:1177

Mutex

74cd4cd9506a9c672f58c580b9f07246

Attributes

reg_key
74cd4cd9506a9c672f58c580b9f07246
splitter
|'|'|

Targets

- Target
  
  befa40d5a837618e0690f421b32d50a1441e803af7fb24c9992ef692718add80
- Size
  
  650KB
- MD5
  
  4c7241be67b3b61abc741a4cfd686cd1
- SHA1
  
  67e9fd1fcadd17b6ce0d319a92f824ec77695d52
- SHA256
  
  befa40d5a837618e0690f421b32d50a1441e803af7fb24c9992ef692718add80
- SHA512
  
  d7350f09b89c5b370aade03ab637a9f2dd9ed0b1f259117c92f5a0c2f90ac5c3d304e8f1667010b22f67f9c1a5cd37c6a32886d726eda6e8e67e3ffa67a1ed82
- SSDEEP
  
  12288:F+9N5QN6ZygHho68GOnG1KI4aCLesgHqARN42PHpQnYMV4RmX0:y6NxgiGOnG1KIcpW6sJwB4oX0
Score

10^/10

njrat test1 trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrattest1trojan

behavioral2