njrat | b7e1828bb63c771098cd4512ddda67a703598cd10831bc57011d832fccef8355 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0120d69be07db305e8ce36d6734b061e
Size

212KB
Sample

231225-ddbt3afae7
MD5

0120d69be07db305e8ce36d6734b061e
SHA1

f53f83048d533a7d98e4e8f99c3399b82aa4ba29
SHA256

b7e1828bb63c771098cd4512ddda67a703598cd10831bc57011d832fccef8355
SHA512

ced9a40c3f114cceba6dfdc1e5f053477e4565d3150c637c7391f82cb82d0e8e3375a92560ac57b9ca6f874b086f17580c70d3a16676d11841af389957849db6
SSDEEP

3072:TJacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLnY6:TJPgv7wJZ87wBjYI1IUwrIOZyY6

Score

10^/10

njrat hacked evasion persistence trojan upx

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Hacked

C2

abdo95.ddns.net:1177

Mutex

ed6e2bf930f6d35b3ac57c049d10ac2c

Attributes

reg_key
ed6e2bf930f6d35b3ac57c049d10ac2c
splitter
|'|'|

Targets

- Target
  
  0120d69be07db305e8ce36d6734b061e
- Size
  
  212KB
- MD5
  
  0120d69be07db305e8ce36d6734b061e
- SHA1
  
  f53f83048d533a7d98e4e8f99c3399b82aa4ba29
- SHA256
  
  b7e1828bb63c771098cd4512ddda67a703598cd10831bc57011d832fccef8355
- SHA512
  
  ced9a40c3f114cceba6dfdc1e5f053477e4565d3150c637c7391f82cb82d0e8e3375a92560ac57b9ca6f874b086f17580c70d3a16676d11841af389957849db6
- SSDEEP
  
  3072:TJacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLnY6:TJPgv7wJZ87wBjYI1IUwrIOZyY6
Score

10^/10

evasion persistence upx njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

njrathackedevasionpersistencetrojanupx