njrat | 2ab90c3a95b4caa67473c8ac945ce0b69ae3b7d5778bd431214900812ab6fb3f | Triage

Sharing

General

Target

abef5960fcda8c82d1fdbb291e7a9012.exe
Size

472KB
Sample

230131-klqfrahd4x
MD5

abef5960fcda8c82d1fdbb291e7a9012
SHA1

84e03cd48d7fec40753fc1226c88013f39bedcc0
SHA256

2ab90c3a95b4caa67473c8ac945ce0b69ae3b7d5778bd431214900812ab6fb3f
SHA512

10a92617477010bfb1550fdecc7f8dbd16b7debd6916b9c683e24931960f5aef1434f5346d1341c5bd77599267eee259e9f047565df32dc55a4be71302a5e515
SSDEEP

12288:u/N73EBM32LTQ9/hFou9SoUEZkmNlYX07i:u/N463oKrou/vZkmv3

Score

10^/10

njrat hack trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

HacK

C2

0.tcp.in.ngrok.io:11408

Mutex

f98d9d08ffb40400218be2d9b125d7d3

Attributes

reg_key
f98d9d08ffb40400218be2d9b125d7d3
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  abef5960fcda8c82d1fdbb291e7a9012.exe
- Size
  
  472KB
- MD5
  
  abef5960fcda8c82d1fdbb291e7a9012
- SHA1
  
  84e03cd48d7fec40753fc1226c88013f39bedcc0
- SHA256
  
  2ab90c3a95b4caa67473c8ac945ce0b69ae3b7d5778bd431214900812ab6fb3f
- SHA512
  
  10a92617477010bfb1550fdecc7f8dbd16b7debd6916b9c683e24931960f5aef1434f5346d1341c5bd77599267eee259e9f047565df32dc55a4be71302a5e515
- SSDEEP
  
  12288:u/N73EBM32LTQ9/hFou9SoUEZkmNlYX07i:u/N463oKrou/vZkmv3
Score

10^/10

njrat hack trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacktrojan

behavioral2

njrathacktrojan