njrat | 203c63f49bf313d9bbffe20a7fe9e43d7eb6e5b9028e84aa7bf6a0cf298e3173 | Triage

Sharing

General

Target

3BBE777C826B35B3182146F0DD4EB7AC.exe
Size

531KB
Sample

231208-vfahfschc4
MD5

3bbe777c826b35b3182146f0dd4eb7ac
SHA1

7c5271d9af919542bc5cc94352ed3539acc58385
SHA256

203c63f49bf313d9bbffe20a7fe9e43d7eb6e5b9028e84aa7bf6a0cf298e3173
SHA512

64059c322a102693209e6f0cc3e172f32bba068dc6be091ccc6bb277e48d594aa5d9a02622d3c2acb2f8e12f6c9985550dcbb785b15b69467bbcbed505464b82
SSDEEP

12288:aI4sr6oFWG14VNSkbKGIKXJ6QAZ/lZhskU:0srVbKQe6QitZc

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

91.92.240.141:5577

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  3BBE777C826B35B3182146F0DD4EB7AC.exe
- Size
  
  531KB
- MD5
  
  3bbe777c826b35b3182146f0dd4eb7ac
- SHA1
  
  7c5271d9af919542bc5cc94352ed3539acc58385
- SHA256
  
  203c63f49bf313d9bbffe20a7fe9e43d7eb6e5b9028e84aa7bf6a0cf298e3173
- SHA512
  
  64059c322a102693209e6f0cc3e172f32bba068dc6be091ccc6bb277e48d594aa5d9a02622d3c2acb2f8e12f6c9985550dcbb785b15b69467bbcbed505464b82
- SSDEEP
  
  12288:aI4sr6oFWG14VNSkbKGIKXJ6QAZ/lZhskU:0srVbKQe6QitZc
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan