njrat | 8339f7c21daae3fe4f3ac6cf0026b9be3cc60698f1a0ae66548d399e6a948b9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8339f7c21daae3fe4f3ac6cf0026b9be3cc60698f1a0ae66548d399e6a948b9f
Size

371KB
Sample

221128-b8at5sag91
MD5

f688f28af59b0d3570969638f2d91925
SHA1

d15a1ed7f1d20fc9fa62a6731cc398193687ec09
SHA256

8339f7c21daae3fe4f3ac6cf0026b9be3cc60698f1a0ae66548d399e6a948b9f
SHA512

cb8a7bfe6c5dd278d0fb58502ca4175c48d61683766a2ad2f59ab17703a465545ae309cbce27e7ac1949063c188aebbedf44f864872f47ffd846ef202c7aae32
SSDEEP

6144:d/DZGeRKglYRkrcSM+FAM6nbxBWeZ/hX92:9BKglYJSXAM6nbxBWeZ/ht

Score

10^/10

njrat تسجيل دخول نعجة evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

تسجيل دخول نعجة

C2

jebar6770.no-ip.biz:6770

Mutex

664cd127ef4248d29b63f96771ce5981

Attributes

reg_key
664cd127ef4248d29b63f96771ce5981
splitter
|'|'|

Targets

- Target
  
  8339f7c21daae3fe4f3ac6cf0026b9be3cc60698f1a0ae66548d399e6a948b9f
- Size
  
  371KB
- MD5
  
  f688f28af59b0d3570969638f2d91925
- SHA1
  
  d15a1ed7f1d20fc9fa62a6731cc398193687ec09
- SHA256
  
  8339f7c21daae3fe4f3ac6cf0026b9be3cc60698f1a0ae66548d399e6a948b9f
- SHA512
  
  cb8a7bfe6c5dd278d0fb58502ca4175c48d61683766a2ad2f59ab17703a465545ae309cbce27e7ac1949063c188aebbedf44f864872f47ffd846ef202c7aae32
- SSDEEP
  
  6144:d/DZGeRKglYRkrcSM+FAM6nbxBWeZ/hX92:9BKglYJSXAM6nbxBWeZ/ht
Score

10^/10

njrat تسجيل دخول نعجة evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratتسجيل دخول نعجةevasionpersistencetrojan