njrat | e77a5ec54a40db742eed271bd444bb436274439aacffbd366ef7bce0e2952baf | Triage

Sharing

General

Target

1852-55-0x0000000001D50000-0x0000000001D68000-memory.dmp
Size

96KB
Sample

230211-nm94bsaa6y
MD5

7422e9dd48d04ea2b1a81f1ff52c21a0
SHA1

1d17433d0d21b4cec583fdfbf961006a7a4f3992
SHA256

e77a5ec54a40db742eed271bd444bb436274439aacffbd366ef7bce0e2952baf
SHA512

50b9d856da3fd0659ceb8357d7ee7c9fc3db6879504a892f55d72a9a04704d93bcbc67da102c11bcd11fd5bf76d9a603950e21d001deb00a59e138b6969fdbf7
SSDEEP

768:cCqb9glF51LRpcnuIOSp4l864t5wQZSNCDiI9/Cg4UP+NiE27k8Z:29glpLRWuI34lkwQZSNCWeSUP+No

Score

10^/10

njrat martina evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MARTINA

C2

seznam.zapto.org:1177

Mutex

dfa26898bd7eff53ca56739e7591f510

Attributes

reg_key
dfa26898bd7eff53ca56739e7591f510
splitter
|'|'|

Targets

- Target
  
  1852-55-0x0000000001D50000-0x0000000001D68000-memory.dmp
- Size
  
  96KB
- MD5
  
  7422e9dd48d04ea2b1a81f1ff52c21a0
- SHA1
  
  1d17433d0d21b4cec583fdfbf961006a7a4f3992
- SHA256
  
  e77a5ec54a40db742eed271bd444bb436274439aacffbd366ef7bce0e2952baf
- SHA512
  
  50b9d856da3fd0659ceb8357d7ee7c9fc3db6879504a892f55d72a9a04704d93bcbc67da102c11bcd11fd5bf76d9a603950e21d001deb00a59e138b6969fdbf7
- SSDEEP
  
  768:cCqb9glF51LRpcnuIOSp4l864t5wQZSNCDiI9/Cg4UP+NiE27k8Z:29glpLRWuI34lkwQZSNCWeSUP+No
Score

10^/10

njrat martina evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmartinaevasionpersistencetrojan

behavioral2

njratmartinaevasionpersistencetrojan