njrat | 89925e9162e4a7a2ec8cabed0da1d03552fbdf4d3efb1ffdb96407b66b959fbb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c598e0a1d33a95614cda837f2d8cf55
Size

112KB
Sample

231230-dg9khagcgn
MD5

0c598e0a1d33a95614cda837f2d8cf55
SHA1

d125d2b68d6e9152c7de2bfccaff53cabd990e3a
SHA256

89925e9162e4a7a2ec8cabed0da1d03552fbdf4d3efb1ffdb96407b66b959fbb
SHA512

4a4e4887eb5f000ab60fca507af1de2a4ca74ac9e89b52e7bf7539655695d54918774a96b2781a17780e51d94902ede1b8b94fffc336fb08ee6ed23eca4b37dc
SSDEEP

1536:UhWkvHfkmxUS2Bvsi4auMIofmSUbWkdnlJ6iHfLvg1pdtaXXbvihQQ3eNTespMDT:OHfkmxUSCVuMJ3UbvlYAjn7ov3saspMH

Score

10^/10

njrat javaw evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

javaw

C2

kevinmitnick121.duckdns.org:1133

Mutex

7a793c9db4ef3df6f9918c45784e547f

Attributes

reg_key
7a793c9db4ef3df6f9918c45784e547f
splitter
|'|'|

Targets

- Target
  
  0c598e0a1d33a95614cda837f2d8cf55
- Size
  
  112KB
- MD5
  
  0c598e0a1d33a95614cda837f2d8cf55
- SHA1
  
  d125d2b68d6e9152c7de2bfccaff53cabd990e3a
- SHA256
  
  89925e9162e4a7a2ec8cabed0da1d03552fbdf4d3efb1ffdb96407b66b959fbb
- SHA512
  
  4a4e4887eb5f000ab60fca507af1de2a4ca74ac9e89b52e7bf7539655695d54918774a96b2781a17780e51d94902ede1b8b94fffc336fb08ee6ed23eca4b37dc
- SSDEEP
  
  1536:UhWkvHfkmxUS2Bvsi4auMIofmSUbWkdnlJ6iHfLvg1pdtaXXbvihQQ3eNTespMDT:OHfkmxUSCVuMJ3UbvlYAjn7ov3saspMH
Score

10^/10

njrat javaw evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratjavawevasionpersistencetrojan

behavioral2

njratjavawevasionpersistencetrojan