njrat | 0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939 | Triage

Sharing

General

Target

0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939
Size

6.6MB
Sample

230129-x7qd4aah74
MD5

4fa298a31dcb76657128b92350a0234e
SHA1

29ad9d23a2fd10a697cd0128edec56803f29a1bb
SHA256

0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939
SHA512

7095b26dccf45ac0eea02a4b6ac3ce0812cc74818338cb171656d73886c3c0e38a8066e19390dd507df3b10dc14a72f18f655f300d959515fb92c406de798cec
SSDEEP

196608:gb01x9LY/k8a+Le9jrv4b9YR4zLD+sfFxBgYirXGVafo:gb0f902BqiR4Dd7iYag

Score

10^/10

njrat revengerat hacked evasion persistence stealer trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

loveuo11222.ddns.net:5552

Mutex

edf49507d18aa53c7edda61c9c878fa0

Attributes

reg_key
edf49507d18aa53c7edda61c9c878fa0
splitter
|'|'|

Extracted

Family

revengerat

Mutex

Targets

- Target
  
  0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939
- Size
  
  6.6MB
- MD5
  
  4fa298a31dcb76657128b92350a0234e
- SHA1
  
  29ad9d23a2fd10a697cd0128edec56803f29a1bb
- SHA256
  
  0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939
- SHA512
  
  7095b26dccf45ac0eea02a4b6ac3ce0812cc74818338cb171656d73886c3c0e38a8066e19390dd507df3b10dc14a72f18f655f300d959515fb92c406de798cec
- SSDEEP
  
  196608:gb01x9LY/k8a+Le9jrv4b9YR4zLD+sfFxBgYirXGVafo:gb0f902BqiR4Dd7iYag
Score

10^/10

njrat revengerat hacked evasion persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratrevengerathackedevasionpersistencestealertrojan

behavioral2