njrat | 38c19d51d82797b47f3b06e50c6ea197bdda02ac3d1a22edf67023de77c1d700 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38c19d51d82797b47f3b06e50c6ea197bdda02ac3d1a22edf67023de77c1d700
Size

893KB
Sample

221127-xjpgwsef7x
MD5

431cdf896cc59d2595cebd9efc5442f7
SHA1

6f8645755daf30ed9ac5d8e173c9320d9806bc7f
SHA256

38c19d51d82797b47f3b06e50c6ea197bdda02ac3d1a22edf67023de77c1d700
SHA512

5d0fea84950f08a87dcb12950e9813fd7ea92b23a767cd13e0307d509560cb0c5b05aacabd42e8dad1670ba3261d4a7cdc88fb0106e7fc89494c691ae0eeb2e1
SSDEEP

12288:Ntb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgadLHT6ORnww6A:Ntb20pkaCqT5TBWgNQ7ady3w6A

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  38c19d51d82797b47f3b06e50c6ea197bdda02ac3d1a22edf67023de77c1d700
- Size
  
  893KB
- MD5
  
  431cdf896cc59d2595cebd9efc5442f7
- SHA1
  
  6f8645755daf30ed9ac5d8e173c9320d9806bc7f
- SHA256
  
  38c19d51d82797b47f3b06e50c6ea197bdda02ac3d1a22edf67023de77c1d700
- SHA512
  
  5d0fea84950f08a87dcb12950e9813fd7ea92b23a767cd13e0307d509560cb0c5b05aacabd42e8dad1670ba3261d4a7cdc88fb0106e7fc89494c691ae0eeb2e1
- SSDEEP
  
  12288:Ntb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgadLHT6ORnww6A:Ntb20pkaCqT5TBWgNQ7ady3w6A
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

evasionpersistence