njrat | ee382b41b912dbac4a0a63cef54b27caa0c69d0bd754ee33039fc6d7f13399e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ee382b41b912dbac4a0a63cef54b27caa0c69d0bd754ee33039fc6d7f13399e0
Size

37KB
Sample

230302-jvhxlaca42
MD5

c0d376fd24dff8ad62ec240fb4ed799c
SHA1

e86cfbd87617719055efcc1e3233566ed376d113
SHA256

ee382b41b912dbac4a0a63cef54b27caa0c69d0bd754ee33039fc6d7f13399e0
SHA512

0ab54abf4c98154cd4b7a4206d144b51b47bf21e7b955888184737194152a97e71283f89e57efa4f327fddd91c2eff466e4b2fec92fc1a267ba27e18b06c9b2c
SSDEEP

384:/LAlqiU154NLHdayszHtyPpzsobO75rAF+rMRTyN/0L+EcoinblneHQM3epzXoNX:k/ZdJszHtyxVOtrM+rMRa8NuGrt

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

cart-updates.at.ply.gg:27239

Mutex

3e2a5fa61c82d0b7ac3bb07c4edb1f56

Attributes

reg_key
3e2a5fa61c82d0b7ac3bb07c4edb1f56
splitter
|'|'|

Targets

- Target
  
  ee382b41b912dbac4a0a63cef54b27caa0c69d0bd754ee33039fc6d7f13399e0
- Size
  
  37KB
- MD5
  
  c0d376fd24dff8ad62ec240fb4ed799c
- SHA1
  
  e86cfbd87617719055efcc1e3233566ed376d113
- SHA256
  
  ee382b41b912dbac4a0a63cef54b27caa0c69d0bd754ee33039fc6d7f13399e0
- SHA512
  
  0ab54abf4c98154cd4b7a4206d144b51b47bf21e7b955888184737194152a97e71283f89e57efa4f327fddd91c2eff466e4b2fec92fc1a267ba27e18b06c9b2c
- SSDEEP
  
  384:/LAlqiU154NLHdayszHtyPpzsobO75rAF+rMRTyN/0L+EcoinblneHQM3epzXoNX:k/ZdJszHtyxVOtrM+rMRa8NuGrt
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan