njrat | c9515781559e19f50bc3bee9a6120b1a2f68976c8915653e7538ca26b0cad8c5 | Triage

Submit
Reports

Overview

overview

Static

static

FINANCIALS.pdf.lnk

windows7-x64

3

FINANCIALS.pdf.lnk

windows10-2004-x64

Sharing

General

Target

FINANCIALS.pdf.lnk
Size

1KB
Sample

221207-n3gfysea57
MD5

0e6da63c0a779ecaf78c87780bfa24f8
SHA1

d94c0a6eb06c4996cacb56559516fb0e469605ac
SHA256

c9515781559e19f50bc3bee9a6120b1a2f68976c8915653e7538ca26b0cad8c5
SHA512

16cbaf69b63fd7ea638d1bc20d4bab1898cbabd4387c8b8d0dd6ce1d2cd2f00186f653613cef9d31559e8afcae38eee1a3bea354862b0ba7bf67c3f4d6311499

Score

10^/10

njrat nov18 trojan

Static task

static1

Behavioral task

behavioral1

Sample

FINANCIALS.pdf.lnk

Resource

win7-20220812-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

FINANCIALS.pdf.lnk

Resource

win10v2004-20221111-en

njrat nov18 trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

NOV18

C2

172.241.29.150:4848

Mutex

4a4dfaf1c1d7b82a2898b4d660a57fc4

Attributes

reg_key
4a4dfaf1c1d7b82a2898b4d660a57fc4
splitter
|'|'|

Targets

- Target
  
  FINANCIALS.pdf.lnk
- Size
  
  1KB
- MD5
  
  0e6da63c0a779ecaf78c87780bfa24f8
- SHA1
  
  d94c0a6eb06c4996cacb56559516fb0e469605ac
- SHA256
  
  c9515781559e19f50bc3bee9a6120b1a2f68976c8915653e7538ca26b0cad8c5
- SHA512
  
  16cbaf69b63fd7ea638d1bc20d4bab1898cbabd4387c8b8d0dd6ce1d2cd2f00186f653613cef9d31559e8afcae38eee1a3bea354862b0ba7bf67c3f4d6311499
Score

10^/10

njrat nov18 trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnov18trojan

© 2018-2024

Terms | Privacy