njrat | 8398ee25e1f67f866aeac9c0fd8fb22302839b6dbc48163b9778a744ade88ce3 | Triage

Sharing

General

Target

8398ee25e1f67f866aeac9c0fd8fb22302839b6dbc48163b9778a744ade88ce3.exe
Size

7KB
Sample

221204-rea6taae6z
MD5

84a39cb712de28760fc6a7740f674bd9
SHA1

c152916eb9393c5d946dfc6f324423df39c94bbe
SHA256

8398ee25e1f67f866aeac9c0fd8fb22302839b6dbc48163b9778a744ade88ce3
SHA512

f31d6214e5f7c6ccde67418a9d9130cd8aedafe2bbf84f9bf893452c34495453c72570ef5a93db16582542940cabdea365a46a699d146bf9075f838e0927f0ab
SSDEEP

96:CfpxK68Lh5TOsiBx9wRcE2TYlnlYJnLOL0Kff2W8K0ucuRXmmNFL930zNt:CSxqsiBx9nV2nlYJLOLT8n2pO

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  8398ee25e1f67f866aeac9c0fd8fb22302839b6dbc48163b9778a744ade88ce3.exe
- Size
  
  7KB
- MD5
  
  84a39cb712de28760fc6a7740f674bd9
- SHA1
  
  c152916eb9393c5d946dfc6f324423df39c94bbe
- SHA256
  
  8398ee25e1f67f866aeac9c0fd8fb22302839b6dbc48163b9778a744ade88ce3
- SHA512
  
  f31d6214e5f7c6ccde67418a9d9130cd8aedafe2bbf84f9bf893452c34495453c72570ef5a93db16582542940cabdea365a46a699d146bf9075f838e0927f0ab
- SSDEEP
  
  96:CfpxK68Lh5TOsiBx9wRcE2TYlnlYJnLOL0Kff2W8K0ucuRXmmNFL930zNt:CSxqsiBx9nV2nlYJLOLT8n2pO
Score

10^/10

evasion njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratevasiontrojan