njrat | 250c903f73ad31a3c17601ec4763bb81032f68f4670e53d52f33e703ef6fd335 | Triage

Sharing

General

Target

98ee71b0a06c4e3b3d83889129b45330.bin
Size

1.6MB
Sample

230320-bxec7adc3w
MD5

7a04d65b7500a038fb8096f361ee3cde
SHA1

95d1af96d6e02f5a60187c32a3dbc381166fcd9e
SHA256

250c903f73ad31a3c17601ec4763bb81032f68f4670e53d52f33e703ef6fd335
SHA512

c0c338645467b1561735ea0869891cf8480f16857477852062c81a56e863fdb4e3c8930483d78183999a0c92a2a95868314738ca4d49adeccf2bc766bcedb8d3
SSDEEP

49152:jYqVB/Kd5V7yS+sJLKajzIhSc/6AY8TQRlOK7:jTBYyOJLbzIzts+C

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

should-conjunction.at.ply.gg:29414

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc.exe
- Size
  
  1.6MB
- MD5
  
  98ee71b0a06c4e3b3d83889129b45330
- SHA1
  
  7dba5c789bd3bf963fd6be44112b1f90f8f90ba1
- SHA256
  
  3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc
- SHA512
  
  2ad67b315160d449df03050192650e3f6c5248db3b96c621ea89f782d7b38b58e8544d8a872a8704d0bccae61cfc443d65b9d6c67bf2d120779bad20405bf9b6
- SSDEEP
  
  49152:LrwuLv0LO0GwEKfUNlek/R7e748ilgoVSdtlccobm:HNj8jG5Kfye748ilfgrlcc
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan