njrat | 28e8fa60cb51cc2a6700666f5b659b117fde7a097e3bde08b63543c92d1566cb | Triage

Sharing

General

Target

bK5D.exe
Size

23KB
Sample

230316-gwv77sbf5s
MD5

b440b0808712ca3e4675d4266e5854b1
SHA1

9c6fd8327036c594ca46544308d33d5b76514066
SHA256

28e8fa60cb51cc2a6700666f5b659b117fde7a097e3bde08b63543c92d1566cb
SHA512

432de737a55a07531d72b66d87d45e43cf27c2df074483dcfb2bcf6ee23a04b401b0284a91a8367dfd807a6f090db8430445c5a8e425d86cc1e1a039b9c39d21
SSDEEP

384:n+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZbm:Am+71d5XRpcnu5

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:10930

Mutex

9e1d76f980dcbeb3169aabd93be87618

Attributes

reg_key
9e1d76f980dcbeb3169aabd93be87618
splitter
|'|'|

Targets

- Target
  
  bK5D.exe
- Size
  
  23KB
- MD5
  
  b440b0808712ca3e4675d4266e5854b1
- SHA1
  
  9c6fd8327036c594ca46544308d33d5b76514066
- SHA256
  
  28e8fa60cb51cc2a6700666f5b659b117fde7a097e3bde08b63543c92d1566cb
- SHA512
  
  432de737a55a07531d72b66d87d45e43cf27c2df074483dcfb2bcf6ee23a04b401b0284a91a8367dfd807a6f090db8430445c5a8e425d86cc1e1a039b9c39d21
- SSDEEP
  
  384:n+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZbm:Am+71d5XRpcnu5
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan