njrat | edba8ccd7dfdd0f156fb80183439684faf4aa2f70f131d4ee192e73e12e72f0f | Triage

Sharing

General

Target

0fbd44c0822387461816967898b57865.exe
Size

636KB
Sample

240101-yn88jabef4
MD5

0fbd44c0822387461816967898b57865
SHA1

5bdff7cd36e866e6d5f122b5d18e871653740ab4
SHA256

edba8ccd7dfdd0f156fb80183439684faf4aa2f70f131d4ee192e73e12e72f0f
SHA512

aa783b078e3a1e65fe8ff3597eb1dffc7d1267cf9bbe50b8d32dc39dcb9673bebcfed7743b4a31114c9dad4a5bd0df35978ad87c83525b7a82d805245fc0e78b
SSDEEP

12288:Uzpeojs6NrsfWa/G2oy9bawFkHaW6Ofm1VHV:UYEE/9baXaW6Oc1

Score

10^/10

njrat destroyer evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Destroyer

C2

plankxd.ddns.net:1177

Mutex

2f806f40c5d4533d860b3bd9e1a2b698

Attributes

reg_key
2f806f40c5d4533d860b3bd9e1a2b698
splitter
|'|'|

Targets

- Target
  
  0fbd44c0822387461816967898b57865.exe
- Size
  
  636KB
- MD5
  
  0fbd44c0822387461816967898b57865
- SHA1
  
  5bdff7cd36e866e6d5f122b5d18e871653740ab4
- SHA256
  
  edba8ccd7dfdd0f156fb80183439684faf4aa2f70f131d4ee192e73e12e72f0f
- SHA512
  
  aa783b078e3a1e65fe8ff3597eb1dffc7d1267cf9bbe50b8d32dc39dcb9673bebcfed7743b4a31114c9dad4a5bd0df35978ad87c83525b7a82d805245fc0e78b
- SSDEEP
  
  12288:Uzpeojs6NrsfWa/G2oy9bawFkHaW6Ofm1VHV:UYEE/9baXaW6Oc1
Score

10^/10

njrat destroyer evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdestroyerevasionpersistencetrojan

behavioral2

njratdestroyerevasionpersistencetrojan