njrat | b2fc3a507ef05d039b649cadeccd19a9ccd834a5035c190bcfd7c2def62dd020 | Triage

Sharing

General

Target

b2fc3a507ef05d039b649cadeccd19a9ccd834a5035c190bcfd7c2def62dd020
Size

69KB
Sample

221128-bw6faadg62
MD5

3990819ed755fc8b95c9609fff838510
SHA1

e6696660c8e5fb22d8d49d2c13039e3d8760f975
SHA256

b2fc3a507ef05d039b649cadeccd19a9ccd834a5035c190bcfd7c2def62dd020
SHA512

1cd1ac6c592b318a0df850868f5b20606116c50fdecad625bb15f45c1eb3aa39ce86027c81ecf1237ce6c5728fc9b86db6f8bca18f6523460956e300f7500a52
SSDEEP

768:9k8iRvaWINtVvldosDPkwL2V2AizhGgzTqLE4oh7Ta96Gl:GRyWC9dxlY/QOLE4WXa

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  b2fc3a507ef05d039b649cadeccd19a9ccd834a5035c190bcfd7c2def62dd020
- Size
  
  69KB
- MD5
  
  3990819ed755fc8b95c9609fff838510
- SHA1
  
  e6696660c8e5fb22d8d49d2c13039e3d8760f975
- SHA256
  
  b2fc3a507ef05d039b649cadeccd19a9ccd834a5035c190bcfd7c2def62dd020
- SHA512
  
  1cd1ac6c592b318a0df850868f5b20606116c50fdecad625bb15f45c1eb3aa39ce86027c81ecf1237ce6c5728fc9b86db6f8bca18f6523460956e300f7500a52
- SSDEEP
  
  768:9k8iRvaWINtVvldosDPkwL2V2AizhGgzTqLE4oh7Ta96Gl:GRyWC9dxlY/QOLE4WXa
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan