njrat | 02175550330b76de111ae886a542242298c5b50b26f5d49a520fbe1481e52aab | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

230206-wn94qafb89
MD5

77a061d54196511fb985ad08f61b4681
SHA1

e783b16bf42144aac4acf441fce87415e0dca275
SHA256

02175550330b76de111ae886a542242298c5b50b26f5d49a520fbe1481e52aab
SHA512

0292ebd71c561c6ad5ed841ba63e85b4606fd8c612eeb6d925a4e66933da19b3241569c3ce21b6451cf7eced02b0dea8e6893b2511ed041fdaf141052d9c3086
SSDEEP

384:calayyaik9hkdTnNiybYT81PRsc4jWj7rAF+rMRTyN/0L+EcoinblneHQM3epzX6:NgyCxNxbYT81y1WHrM+rMRa8Nu4Bt

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

considered-arrest.at.ply.gg:19159

Mutex

8b1b4ed3028d60637b47ebe2ea5ce8d7

Attributes

reg_key
8b1b4ed3028d60637b47ebe2ea5ce8d7
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  77a061d54196511fb985ad08f61b4681
- SHA1
  
  e783b16bf42144aac4acf441fce87415e0dca275
- SHA256
  
  02175550330b76de111ae886a542242298c5b50b26f5d49a520fbe1481e52aab
- SHA512
  
  0292ebd71c561c6ad5ed841ba63e85b4606fd8c612eeb6d925a4e66933da19b3241569c3ce21b6451cf7eced02b0dea8e6893b2511ed041fdaf141052d9c3086
- SSDEEP
  
  384:calayyaik9hkdTnNiybYT81PRsc4jWj7rAF+rMRTyN/0L+EcoinblneHQM3epzX6:NgyCxNxbYT81y1WHrM+rMRa8Nu4Bt
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan