njrat | a01e6a1ce4604181d82e13296191abdb305c97423b9fcbd7ee4ef767f2136ad6 | Triage

Sharing

General

Target

lll.exe
Size

32KB
Sample

230727-j1m4hacb52
MD5

532da7c83e4683a2ab594becffc15580
SHA1

57d8c7ff3b7bf7bbcf472c5bf5d15a4df1e3b62b
SHA256

a01e6a1ce4604181d82e13296191abdb305c97423b9fcbd7ee4ef767f2136ad6
SHA512

ad094d12f9e32f099696e325efd26066f513c15c3e7b9c9f7f1c9f38fda49cb93f0ff8a2cbf915be9ff73bdec874c1dd59b0f0791b87c9487fb3828ba336d509
SSDEEP

768:b4US21HxSgzxbSLw0cWLjrBv1XQmIDUu0tiLkjI:kWDerRFQVkVjI

Score

10^/10

njrat mybot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

score-told.craft.ply.gg:54077

Mutex

c54d9760bfa8660be8f7c061194ec438

Attributes

reg_key
c54d9760bfa8660be8f7c061194ec438
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  lll.exe
- Size
  
  32KB
- MD5
  
  532da7c83e4683a2ab594becffc15580
- SHA1
  
  57d8c7ff3b7bf7bbcf472c5bf5d15a4df1e3b62b
- SHA256
  
  a01e6a1ce4604181d82e13296191abdb305c97423b9fcbd7ee4ef767f2136ad6
- SHA512
  
  ad094d12f9e32f099696e325efd26066f513c15c3e7b9c9f7f1c9f38fda49cb93f0ff8a2cbf915be9ff73bdec874c1dd59b0f0791b87c9487fb3828ba336d509
- SSDEEP
  
  768:b4US21HxSgzxbSLw0cWLjrBv1XQmIDUu0tiLkjI:kWDerRFQVkVjI
Score

10^/10

njrat mybot evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratmybotevasiontrojan