njrat | 2024e65d43134e95b5fb90a2ee4b4e44636a2817dabb52ac0c15b989051c613c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024e65d43134e95b5fb90a2ee4b4e44636a2817dabb52ac0c15b989051c613c
Size

178KB
Sample

221127-x6vmesgf31
MD5

d32f19a6baebbba5989f22db7283daab
SHA1

b9984f1bc9a0498fcb70d40ea41f0568fdd3482c
SHA256

2024e65d43134e95b5fb90a2ee4b4e44636a2817dabb52ac0c15b989051c613c
SHA512

a071ca48656c3f4379e67b260d829d897c8138a8a8040c0b11a9bd9a7f63ab88ec183eeb2af004d1c630c87ae39cca3f96f79073eaab7534604754550b9a063f
SSDEEP

3072:0iInE1qKBSwUpNTUHlk32GhNv6AuMFWDf0EOvdg7O4/qIRL:2nEx3eTw62GhNi6muBo

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  2024e65d43134e95b5fb90a2ee4b4e44636a2817dabb52ac0c15b989051c613c
- Size
  
  178KB
- MD5
  
  d32f19a6baebbba5989f22db7283daab
- SHA1
  
  b9984f1bc9a0498fcb70d40ea41f0568fdd3482c
- SHA256
  
  2024e65d43134e95b5fb90a2ee4b4e44636a2817dabb52ac0c15b989051c613c
- SHA512
  
  a071ca48656c3f4379e67b260d829d897c8138a8a8040c0b11a9bd9a7f63ab88ec183eeb2af004d1c630c87ae39cca3f96f79073eaab7534604754550b9a063f
- SSDEEP
  
  3072:0iInE1qKBSwUpNTUHlk32GhNv6AuMFWDf0EOvdg7O4/qIRL:2nEx3eTw62GhNi6muBo
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan