njrat | f8598e1c8e9c9f77ad9352ec4775c3201eb41bff83ec38f336639a229bd3b29c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ee59cd6889f01d2a7b4db51061647d4
Size

32KB
Sample

231230-2p7b4sefgm
MD5

1ee59cd6889f01d2a7b4db51061647d4
SHA1

a060f5e2ddc960e0e875bb2d51c03c25005aec29
SHA256

f8598e1c8e9c9f77ad9352ec4775c3201eb41bff83ec38f336639a229bd3b29c
SHA512

9dcd2d836b4be5bbd8997374544a3080c468c5799b0423beb9b929873be93f993cc4f8ab3d7249e320a1b11d5b30294d6bd6fa8e4bb7d852ec69c9fd38a44c14
SSDEEP

768:xg54FuhOvsYEolLnsq+OzVlgpuoVo/aYclHnDyman:pFucvsnoWXCTwuso/a3ljyZ

Score

10^/10

njrat security evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

security

C2

192.168.162.129:4444

Mutex

a060718d98f6fd31b221f0ea5860dce7

Attributes

reg_key
a060718d98f6fd31b221f0ea5860dce7
splitter
|'|'|

Targets

- Target
  
  1ee59cd6889f01d2a7b4db51061647d4
- Size
  
  32KB
- MD5
  
  1ee59cd6889f01d2a7b4db51061647d4
- SHA1
  
  a060f5e2ddc960e0e875bb2d51c03c25005aec29
- SHA256
  
  f8598e1c8e9c9f77ad9352ec4775c3201eb41bff83ec38f336639a229bd3b29c
- SHA512
  
  9dcd2d836b4be5bbd8997374544a3080c468c5799b0423beb9b929873be93f993cc4f8ab3d7249e320a1b11d5b30294d6bd6fa8e4bb7d852ec69c9fd38a44c14
- SSDEEP
  
  768:xg54FuhOvsYEolLnsq+OzVlgpuoVo/aYclHnDyman:pFucvsnoWXCTwuso/a3ljyZ
Score

10^/10

njrat security evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratsecurityevasionpersistencetrojan

behavioral2

njratsecurityevasiontrojan