njrat | 4751cc3a1a6fcc1cad04c62bebbe162dde1dcbc104a4e4f273031c7edb3e46e3 | Triage

Sharing

General

Target

4751cc3a1a6fcc1cad04c62bebbe162dde1dcbc104a4e4f273031c7edb3e46e3
Size

30KB
Sample

221204-r98qkadd4t
MD5

389a3bd6ebf9cfb0ea53ed85f6729d00
SHA1

54c20561c654fdf41303622bb567a015e6b53a77
SHA256

4751cc3a1a6fcc1cad04c62bebbe162dde1dcbc104a4e4f273031c7edb3e46e3
SHA512

df8f64fb8938665e4e09d5a64dfadc166976ba796ffe23150687a5367c98c461b52cf1a9f551ce8c4e716ebfe46b53cd351afebe16b47cc8762d5c01d7b2602a
SSDEEP

384:q46x9eBkg2Freh6XO2eq0xUcsaeBsEoi1ww8gJpCrgl/E2w2GzM6le3jHbiX+9Mw:q/peh6XOmcleXo/w8NrU/42jbrZvc

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  4751cc3a1a6fcc1cad04c62bebbe162dde1dcbc104a4e4f273031c7edb3e46e3
- Size
  
  30KB
- MD5
  
  389a3bd6ebf9cfb0ea53ed85f6729d00
- SHA1
  
  54c20561c654fdf41303622bb567a015e6b53a77
- SHA256
  
  4751cc3a1a6fcc1cad04c62bebbe162dde1dcbc104a4e4f273031c7edb3e46e3
- SHA512
  
  df8f64fb8938665e4e09d5a64dfadc166976ba796ffe23150687a5367c98c461b52cf1a9f551ce8c4e716ebfe46b53cd351afebe16b47cc8762d5c01d7b2602a
- SSDEEP
  
  384:q46x9eBkg2Freh6XO2eq0xUcsaeBsEoi1ww8gJpCrgl/E2w2GzM6le3jHbiX+9Mw:q/peh6XOmcleXo/w8NrU/42jbrZvc
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan