njrat | 775f5d8d2c0bdd574ff16f04ba019bc27c0c8002d13890201756334b78485cab | Triage

Sharing

General

Target

029f4c2010b55f11f710bbb553d1b0b9.exe
Size

77KB
Sample

230118-khkq4ahg4w
MD5

029f4c2010b55f11f710bbb553d1b0b9
SHA1

ed5cfd154b205c59bf6577caa68f99fef12c25ed
SHA256

775f5d8d2c0bdd574ff16f04ba019bc27c0c8002d13890201756334b78485cab
SHA512

1ab24f1b999e57f753a64523705fd1d3548daa2a02670c7023e031b9894c34ffd7a81a75a717dc746ce2c42f68497431a05372b4be26eb27ab1dab44ebb29f7b
SSDEEP

768:iINN9ZMTGtmF25rM+rMRa8NupjtjLLLLJzhstFOrrPEe:i8N9uStmYa+gRJNmJLLLLJzhUOEe

Score

10^/10

njrat pc evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

pc

C2

7.tcp.eu.ngrok.io:19280

Mutex

13e55be2dd10ea1680835d1283024970

Attributes

reg_key
13e55be2dd10ea1680835d1283024970
splitter
|'|'|

Targets

- Target
  
  029f4c2010b55f11f710bbb553d1b0b9.exe
- Size
  
  77KB
- MD5
  
  029f4c2010b55f11f710bbb553d1b0b9
- SHA1
  
  ed5cfd154b205c59bf6577caa68f99fef12c25ed
- SHA256
  
  775f5d8d2c0bdd574ff16f04ba019bc27c0c8002d13890201756334b78485cab
- SHA512
  
  1ab24f1b999e57f753a64523705fd1d3548daa2a02670c7023e031b9894c34ffd7a81a75a717dc746ce2c42f68497431a05372b4be26eb27ab1dab44ebb29f7b
- SSDEEP
  
  768:iINN9ZMTGtmF25rM+rMRa8NupjtjLLLLJzhstFOrrPEe:i8N9uStmYa+gRJNmJLLLLJzhUOEe
Score

10^/10

njrat pc evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratpcevasiontrojan

behavioral2

njratpcevasiontrojan