njrat | 717f2e59cca4b924b908081ad8f9d8e99e8daef705c02b0aa997a67d63c2cd8a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d3971102f9666faae3ed014ddb2cfd8
Size

402KB
Sample

240109-d2t1jsdhgm
MD5

4d3971102f9666faae3ed014ddb2cfd8
SHA1

1fdfc7530368f33da739d87dd5b73cdea61f63dc
SHA256

717f2e59cca4b924b908081ad8f9d8e99e8daef705c02b0aa997a67d63c2cd8a
SHA512

6d24fc35b52de6c62593abb72e7e71a168600f876366eec5a6f4a3ebbaa39fa34b2c7e87869226f9678887cd03e7d5d0a4cad0778fad2ac4770cf48244242fea
SSDEEP

6144:smaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgW:FSmLAuEY71fviagATFmebVQDcYc6

Score

10^/10

njrat pdf evasion persistence trojan upx

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

pdf

C2

hhhmach.ddns.net:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  4d3971102f9666faae3ed014ddb2cfd8
- Size
  
  402KB
- MD5
  
  4d3971102f9666faae3ed014ddb2cfd8
- SHA1
  
  1fdfc7530368f33da739d87dd5b73cdea61f63dc
- SHA256
  
  717f2e59cca4b924b908081ad8f9d8e99e8daef705c02b0aa997a67d63c2cd8a
- SHA512
  
  6d24fc35b52de6c62593abb72e7e71a168600f876366eec5a6f4a3ebbaa39fa34b2c7e87869226f9678887cd03e7d5d0a4cad0778fad2ac4770cf48244242fea
- SSDEEP
  
  6144:smaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgW:FSmLAuEY71fviagATFmebVQDcYc6
Score

10^/10

njrat pdf evasion persistence trojan upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpdfevasionpersistencetrojanupx

behavioral2

njratpdfevasionpersistencetrojanupx