njrat | be43ffca4e5f7cb4e7ae867096328dcd214a3e780388b44d49128024e1b9edde | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fb3732041864cba98c47ac8434d9556
Size

142KB
Sample

231225-19c4bshfgr
MD5

3fb3732041864cba98c47ac8434d9556
SHA1

680efd0d20f38dfabcc98e287cdf1df49ee76c12
SHA256

be43ffca4e5f7cb4e7ae867096328dcd214a3e780388b44d49128024e1b9edde
SHA512

21e7322cd0acbad52d697e103c8d2e788985eb26248da32ee0ba20c667182f781335523ffebfe272e3c851cef0201c1ca488f0250cec54c8e8d310d3c6541930
SSDEEP

3072:AM01e1SDW35DH8H214YqVXjCmByk4u5v5c1smXzl:AMGeFpDcKP2XJBykAxX

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:6655

Mutex

29d46e6057c2d086410a0de13c00867e

Attributes

reg_key
29d46e6057c2d086410a0de13c00867e
splitter
|'|'|

Targets

- Target
  
  3fb3732041864cba98c47ac8434d9556
- Size
  
  142KB
- MD5
  
  3fb3732041864cba98c47ac8434d9556
- SHA1
  
  680efd0d20f38dfabcc98e287cdf1df49ee76c12
- SHA256
  
  be43ffca4e5f7cb4e7ae867096328dcd214a3e780388b44d49128024e1b9edde
- SHA512
  
  21e7322cd0acbad52d697e103c8d2e788985eb26248da32ee0ba20c667182f781335523ffebfe272e3c851cef0201c1ca488f0250cec54c8e8d310d3c6541930
- SSDEEP
  
  3072:AM01e1SDW35DH8H214YqVXjCmByk4u5v5c1smXzl:AMGeFpDcKP2XJBykAxX
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan