njrat | 96cb6cc90619a599c9806d649a64db4aa596c495887ae3b3db432e63082bd0ab | Triage

Sharing

General

Target

96cb6cc90619a599c9806d649a64db4aa596c495887ae3b3db432e63082bd0ab
Size

592KB
Sample

221206-qb5qksdh8w
MD5

f9af3bb471626b0b164883fd40364984
SHA1

2134dfb0329ed567be16aded8da7bedf9d65f588
SHA256

96cb6cc90619a599c9806d649a64db4aa596c495887ae3b3db432e63082bd0ab
SHA512

e0f0c447c37b57caff29ae54f99b1ef37a9416a7fa03aa15f0f66c0e7a279a495c54e768527845ee900af95e76c8c2607053c85e30d7ff85fe0a1806e6fb7071
SSDEEP

12288:b2y2axB0F+IKNDleyJJ5KcZDOIOcMldpFU065lbzO4mBR:q+xB3ZL5NDzkdHUphNmBR

Score

10^/10

njrat spameur monta evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Spameur monta

C2

kadi41.no-ip.org:1177

Mutex

9d0ca6779c4df125b0313463a3f5f631

Attributes

reg_key
9d0ca6779c4df125b0313463a3f5f631
splitter
|'|'|

Targets

- Target
  
  96cb6cc90619a599c9806d649a64db4aa596c495887ae3b3db432e63082bd0ab
- Size
  
  592KB
- MD5
  
  f9af3bb471626b0b164883fd40364984
- SHA1
  
  2134dfb0329ed567be16aded8da7bedf9d65f588
- SHA256
  
  96cb6cc90619a599c9806d649a64db4aa596c495887ae3b3db432e63082bd0ab
- SHA512
  
  e0f0c447c37b57caff29ae54f99b1ef37a9416a7fa03aa15f0f66c0e7a279a495c54e768527845ee900af95e76c8c2607053c85e30d7ff85fe0a1806e6fb7071
- SSDEEP
  
  12288:b2y2axB0F+IKNDleyJJ5KcZDOIOcMldpFU065lbzO4mBR:q+xB3ZL5NDzkdHUphNmBR
Score

10^/10

njrat spameur monta evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratspameur montaevasionpersistencetrojan

behavioral2

njratspameur montaevasionpersistencetrojan