General

  • Target

    njRatEraser1.6.exe

  • Size

    4.7MB

  • Sample

    230518-1h5dhach5s

  • MD5

    5faf42458a7de567d089e631c7cde132

  • SHA1

    2ac6bd1cb527c055d82aa05df6547dbb5def35f7

  • SHA256

    594276f64b7890fc1e18116dcaf767e50eba397765a6b6c7dde7f9c725b46f5f

  • SHA512

    74b6e19ba3d76057fee07c30b4ea408a8727cfdc9473522db8a5e8aa6afd1bdd2d859039b9c279fb675a6bf580655cca50064296793a888107fe0c367dfb4ffb

  • SSDEEP

    98304:VB4+ZV3v8/Dp1nYApBwagK47M44evsLkjgAnpG3wNiPZycX:Vu+D3v8b7nYugCdijgApHsZyc

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Ternyaha

C2

129.151.203.1:16934

Mutex

c895004acf6a8782f48c02029e339de7

Attributes
  • reg_key

    c895004acf6a8782f48c02029e339de7

  • splitter

    |'|'|

Targets

    • Target

      njRatEraser1.6.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application
