njrat | fba63c7a8f43b64b63d3a452a87c429f2d85bb0df6e7f29d556a24f497b1080e | Triage

Sharing

General

Target

windows10.exe
Size

27KB
Sample

230516-eajwyabd22
MD5

68dabbb65a6969294c7d930d64388156
SHA1

994e0c755a74c1b72437e3fd4f099083a3d43c55
SHA256

fba63c7a8f43b64b63d3a452a87c429f2d85bb0df6e7f29d556a24f497b1080e
SHA512

5ce1ea47434505dec7572592c95d6997880ce8156cb1bfd427ab51ccf94876749708150767f05b247870d4f60335b3c6d7c911e77c4b8edbc09cb40d18954e46
SSDEEP

384:VLllYHHeIYTzRRcbg8iEPrthZMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcah6Vr6s:1LZxRm8VA/vMHTi9bD

Score

10^/10

njrat victem persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

Victem

C2

paul-positive.at.ply.gg:9693

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  windows10.exe
- Size
  
  27KB
- MD5
  
  68dabbb65a6969294c7d930d64388156
- SHA1
  
  994e0c755a74c1b72437e3fd4f099083a3d43c55
- SHA256
  
  fba63c7a8f43b64b63d3a452a87c429f2d85bb0df6e7f29d556a24f497b1080e
- SHA512
  
  5ce1ea47434505dec7572592c95d6997880ce8156cb1bfd427ab51ccf94876749708150767f05b247870d4f60335b3c6d7c911e77c4b8edbc09cb40d18954e46
- SSDEEP
  
  384:VLllYHHeIYTzRRcbg8iEPrthZMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcah6Vr6s:1LZxRm8VA/vMHTi9bD
Score

10^/10

njrat victem persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratvictempersistencetrojan