njrat | 6e0125f382bf828fbff9e7467a227c0584385395c2cb20a06a4c045f9ac6a43d | Triage

Sharing

General

Target

New Client.exe
Size

164KB
Sample

231011-gvya6sfh76
MD5

f08772b3bdde7388a4c43b7e41da5684
SHA1

439cd4653ddbdf9d7433a165f5cd4eb6afe82bcb
SHA256

6e0125f382bf828fbff9e7467a227c0584385395c2cb20a06a4c045f9ac6a43d
SHA512

7776c2894397fae7a1934af7d87513d5e25114a10fd9cbb3fbbcc8fb1512dc68cad8b066dbba7c9462ded0d9c5c70f32d9fca42b18a72a0a2a67fd04755945a3
SSDEEP

3072:0ibn/zRv40/9nUx0EpuCRwzzbEcr5+cbet7lo9Wagc:0i3Ux0EjGz4q5jbKz5

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  New Client.exe
- Size
  
  164KB
- MD5
  
  f08772b3bdde7388a4c43b7e41da5684
- SHA1
  
  439cd4653ddbdf9d7433a165f5cd4eb6afe82bcb
- SHA256
  
  6e0125f382bf828fbff9e7467a227c0584385395c2cb20a06a4c045f9ac6a43d
- SHA512
  
  7776c2894397fae7a1934af7d87513d5e25114a10fd9cbb3fbbcc8fb1512dc68cad8b066dbba7c9462ded0d9c5c70f32d9fca42b18a72a0a2a67fd04755945a3
- SSDEEP
  
  3072:0ibn/zRv40/9nUx0EpuCRwzzbEcr5+cbet7lo9Wagc:0i3Ux0EjGz4q5jbKz5
Score

10^/10

njrat persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan