njrat | 7fbff56a5c6c7269baaeeacd2ed70dc625e8e7137b70d284dcd4ba12a17a5f35 | Triage

Sharing

General

Target

NEAS.5323e11bd0c264bf43a4215ba33ce990_JC.exe
Size

93KB
Sample

231103-zmj3paab9w
MD5

5323e11bd0c264bf43a4215ba33ce990
SHA1

ba44aa845163c4e7d8a41460dc704dfb6b014fe7
SHA256

7fbff56a5c6c7269baaeeacd2ed70dc625e8e7137b70d284dcd4ba12a17a5f35
SHA512

673baed9352b4ae5e1b5cd0b74dc03103c9f15516431c854a02a60aa87cc8dceff762c05176038513414d2b27712656883bfd759a61fdd9118315fc54518f918
SSDEEP

768:8Y34QdyZnDQMMpAZrGSt6udttXyosahkGJiXxrjEtCdnl2pi1Rz4Rk3VsGdpugS7:UQYZD3rGWNd7dhkhjEwzGi1dDFDugS

Score

10^/10

njrat hackedbymalware evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKedByMalware

C2

hakim32.ddns.net:2000

0�#r��-`.1:9386

Mutex

6e260ec5ede46d01445436ce38e3055a

Attributes

reg_key
6e260ec5ede46d01445436ce38e3055a
splitter
|'|'|

Targets

- Target
  
  NEAS.5323e11bd0c264bf43a4215ba33ce990_JC.exe
- Size
  
  93KB
- MD5
  
  5323e11bd0c264bf43a4215ba33ce990
- SHA1
  
  ba44aa845163c4e7d8a41460dc704dfb6b014fe7
- SHA256
  
  7fbff56a5c6c7269baaeeacd2ed70dc625e8e7137b70d284dcd4ba12a17a5f35
- SHA512
  
  673baed9352b4ae5e1b5cd0b74dc03103c9f15516431c854a02a60aa87cc8dceff762c05176038513414d2b27712656883bfd759a61fdd9118315fc54518f918
- SSDEEP
  
  768:8Y34QdyZnDQMMpAZrGSt6udttXyosahkGJiXxrjEtCdnl2pi1Rz4Rk3VsGdpugS7:UQYZD3rGWNd7dhkhjEwzGi1dDFDugS
Score

10^/10

njrat hackedbymalware evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hackedbymalwarenjrat

behavioral1

njrathackedbymalwareevasiontrojan

behavioral2

njrathackedbymalwareevasiontrojan