njrat | d4f9627bb3d6efe016e28b0f34e1fcdef901c0286acab9791000ec3a12994eb4 | Triage

Sharing

General

Target

d4f9627bb3d6efe016e28b0f34e1fcdef901c0286acab9791000ec3a12994eb4
Size

92KB
Sample

221130-w742taea73
MD5

507a80f151f00d815964222b4c1e25f8
SHA1

909d8c3c6cf2ca25d9fcc201e1fa5e681328ac0a
SHA256

d4f9627bb3d6efe016e28b0f34e1fcdef901c0286acab9791000ec3a12994eb4
SHA512

76eb187e8813e9d15795b21a49edcf802d3f23563686e82ecb26f7c6615e58f1d39fd97e7ab0861de437db716c35b32f4c5dea7cba77b73727a40779581ed255
SSDEEP

1536:XGogScd6gVZJrn7UjWn7GaonG8lrJHaSboDGmFWunEPb5x4cBSMTwlVEDmfh169l:XtgSTlrJHaeoDfF564cBSMslVEDmfh1i

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  d4f9627bb3d6efe016e28b0f34e1fcdef901c0286acab9791000ec3a12994eb4
- Size
  
  92KB
- MD5
  
  507a80f151f00d815964222b4c1e25f8
- SHA1
  
  909d8c3c6cf2ca25d9fcc201e1fa5e681328ac0a
- SHA256
  
  d4f9627bb3d6efe016e28b0f34e1fcdef901c0286acab9791000ec3a12994eb4
- SHA512
  
  76eb187e8813e9d15795b21a49edcf802d3f23563686e82ecb26f7c6615e58f1d39fd97e7ab0861de437db716c35b32f4c5dea7cba77b73727a40779581ed255
- SSDEEP
  
  1536:XGogScd6gVZJrn7UjWn7GaonG8lrJHaSboDGmFWunEPb5x4cBSMTwlVEDmfh169l:XtgSTlrJHaeoDfF564cBSMslVEDmfh1i
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan