njrat | d854634ea4a92c5775d1edaf805c7a754d45e8e568bcda853ddcbde2b891a8e3 | Triage

Sharing

General

Target

a84f13afc66598bc51a2a5fa77633a67.exe
Size

37KB
Sample

230105-mm81labf77
MD5

a84f13afc66598bc51a2a5fa77633a67
SHA1

188de3787a2ef16e57062ab794920f9d3957e4f5
SHA256

d854634ea4a92c5775d1edaf805c7a754d45e8e568bcda853ddcbde2b891a8e3
SHA512

045bd70f7de1d604b3f5fee700658ffe8347b09e2437e16652c0f58078e33a148750a59f581b043fc190bb63e4a8217340f26e476a211b2d6aea741cba416d06
SSDEEP

384:i8KvEiTbHvpWNcZ0y8f7CTvvrdLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzXg:dKXTZ38f7CTvpFwKrM+rMRa8NusTt

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:11553

Mutex

99c4d82f0922d38c6f975842331ad8f5

Attributes

reg_key
99c4d82f0922d38c6f975842331ad8f5
splitter
|'|'|

Targets

- Target
  
  a84f13afc66598bc51a2a5fa77633a67.exe
- Size
  
  37KB
- MD5
  
  a84f13afc66598bc51a2a5fa77633a67
- SHA1
  
  188de3787a2ef16e57062ab794920f9d3957e4f5
- SHA256
  
  d854634ea4a92c5775d1edaf805c7a754d45e8e568bcda853ddcbde2b891a8e3
- SHA512
  
  045bd70f7de1d604b3f5fee700658ffe8347b09e2437e16652c0f58078e33a148750a59f581b043fc190bb63e4a8217340f26e476a211b2d6aea741cba416d06
- SSDEEP
  
  384:i8KvEiTbHvpWNcZ0y8f7CTvvrdLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzXg:dKXTZ38f7CTvpFwKrM+rMRa8NusTt
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan