njrat | 3ad32746894dc3406c5a2b9bd3627c75e56887d2b92f0100e883d1cadbdad57b | Triage

Sharing

General

Target

24710356d2b88a67d0107cddc467cdc9.exe
Size

26KB
Sample

230319-qszkwsge59
MD5

24710356d2b88a67d0107cddc467cdc9
SHA1

4e6f3384adfccf76198d00a03987781e3524105b
SHA256

3ad32746894dc3406c5a2b9bd3627c75e56887d2b92f0100e883d1cadbdad57b
SHA512

7abcc225cf02827801744d98f05816e0dd18602cbe567a6acb74ac9d49893a9eecbc67504847f24be6c62008c8482f72b3bb63eb0e694fb638d67e0df4c43e76
SSDEEP

384:r1LaRuc+oYiKJ0pjRB7Puth5M6ve1jCKsuatydbZN8Cr9131ctP1um7M84Sr6es8:rV+4foR6W1AJtIb4iEPg

Score

10^/10

njrat trojan

Malware Config

Targets

- Target
  
  24710356d2b88a67d0107cddc467cdc9.exe
- Size
  
  26KB
- MD5
  
  24710356d2b88a67d0107cddc467cdc9
- SHA1
  
  4e6f3384adfccf76198d00a03987781e3524105b
- SHA256
  
  3ad32746894dc3406c5a2b9bd3627c75e56887d2b92f0100e883d1cadbdad57b
- SHA512
  
  7abcc225cf02827801744d98f05816e0dd18602cbe567a6acb74ac9d49893a9eecbc67504847f24be6c62008c8482f72b3bb63eb0e694fb638d67e0df4c43e76
- SSDEEP
  
  384:r1LaRuc+oYiKJ0pjRB7Puth5M6ve1jCKsuatydbZN8Cr9131ctP1um7M84Sr6es8:rV+4foR6W1AJtIb4iEPg
Score

10^/10

njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2