njrat | 3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc | Triage

Sharing

General

Target

98ee71b0a06c4e3b3d83889129b45330.exe
Size

1.6MB
Sample

230318-wza4rsdc45
MD5

98ee71b0a06c4e3b3d83889129b45330
SHA1

7dba5c789bd3bf963fd6be44112b1f90f8f90ba1
SHA256

3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc
SHA512

2ad67b315160d449df03050192650e3f6c5248db3b96c621ea89f782d7b38b58e8544d8a872a8704d0bccae61cfc443d65b9d6c67bf2d120779bad20405bf9b6
SSDEEP

49152:LrwuLv0LO0GwEKfUNlek/R7e748ilgoVSdtlccobm:HNj8jG5Kfye748ilfgrlcc

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

should-conjunction.at.ply.gg:29414

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  98ee71b0a06c4e3b3d83889129b45330.exe
- Size
  
  1.6MB
- MD5
  
  98ee71b0a06c4e3b3d83889129b45330
- SHA1
  
  7dba5c789bd3bf963fd6be44112b1f90f8f90ba1
- SHA256
  
  3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc
- SHA512
  
  2ad67b315160d449df03050192650e3f6c5248db3b96c621ea89f782d7b38b58e8544d8a872a8704d0bccae61cfc443d65b9d6c67bf2d120779bad20405bf9b6
- SSDEEP
  
  49152:LrwuLv0LO0GwEKfUNlek/R7e748ilgoVSdtlccobm:HNj8jG5Kfye748ilfgrlcc
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan