njrat | d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906 | Triage

Sharing

General

Target

d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906.exe
Size

25KB
Sample

221130-tz34faad9y
MD5

201d32e0b19f59625d4152fa7a0c7f0d
SHA1

03f9109e046f6033f21d2c41fd461ed67fa4fa72
SHA256

d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906
SHA512

9a80ed2f607027962bae0fa2a019bea90472aefb499e3b7959688d815b321f18f755459a108bd8e377c7559edb2b578d3dc1e63d9d3a7a5bd698dad9c9380023
SSDEEP

768:6m3km2qDyTYCFk3eWJDUQWOcq3sFR8hlRh6Y:L3kmlu3MDUasHe+Y

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:18644

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906.exe
- Size
  
  25KB
- MD5
  
  201d32e0b19f59625d4152fa7a0c7f0d
- SHA1
  
  03f9109e046f6033f21d2c41fd461ed67fa4fa72
- SHA256
  
  d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906
- SHA512
  
  9a80ed2f607027962bae0fa2a019bea90472aefb499e3b7959688d815b321f18f755459a108bd8e377c7559edb2b578d3dc1e63d9d3a7a5bd698dad9c9380023
- SSDEEP
  
  768:6m3km2qDyTYCFk3eWJDUQWOcq3sFR8hlRh6Y:L3kmlu3MDUasHe+Y
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan