njrat | 111c25bd4cd2f4771e7fec9e564c623218e06eb1b9d839cf58a9f117b4979ac0 | Triage

Sharing

General

Target

productinfo.exe
Size

675KB
Sample

230605-jvdmwafh9x
MD5

7e41b02d2dc1786d5c008c127d38041f
SHA1

e425aa7a2907c44446f3c9f5213b10ab4774579a
SHA256

111c25bd4cd2f4771e7fec9e564c623218e06eb1b9d839cf58a9f117b4979ac0
SHA512

940fa350da661bc6d14a4fcd47f1a266e03a98e67124c39daa1233703ef0fe322139b3c35493b66b734f77f453da9bfaff205a669eea5a71df83989084cf61a8
SSDEEP

12288:zrgDZYg3dHlWxMzIHREJVk/bq4izoW/m7R8IJJz5FJuGjNKdnzP8NWQ:zMWSdHlWxMiQW/O4ue7RjDjIAN

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

194.55.224.37:7777

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  productinfo.exe
- Size
  
  675KB
- MD5
  
  7e41b02d2dc1786d5c008c127d38041f
- SHA1
  
  e425aa7a2907c44446f3c9f5213b10ab4774579a
- SHA256
  
  111c25bd4cd2f4771e7fec9e564c623218e06eb1b9d839cf58a9f117b4979ac0
- SHA512
  
  940fa350da661bc6d14a4fcd47f1a266e03a98e67124c39daa1233703ef0fe322139b3c35493b66b734f77f453da9bfaff205a669eea5a71df83989084cf61a8
- SSDEEP
  
  12288:zrgDZYg3dHlWxMzIHREJVk/bq4izoW/m7R8IJJz5FJuGjNKdnzP8NWQ:zMWSdHlWxMiQW/O4ue7RjDjIAN
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan