njrat | 8920797352a55d0413ab4642e7e2dcd049d702678f6870f6f58ac64e814e5720 | Triage

Sharing

General

Target

6f2bf69913f6bf47a6ae722c9640a311
Size

46KB
Sample

240122-j5798scda9
MD5

6f2bf69913f6bf47a6ae722c9640a311
SHA1

5aa0c1acc2c56f283a9694f4953f6085f0b0059d
SHA256

8920797352a55d0413ab4642e7e2dcd049d702678f6870f6f58ac64e814e5720
SHA512

0721b0c5ad0ce0049609da9f59359fb5d895005342f87697683c9ffbb63213b125c8c81f55dfef50b7678b0f52ad3707d8c4cbdfadb64b8136f236bb3a30164c
SSDEEP

768:MB9QFE9xTu53yAeC1lNhTTHxAlbL0gUqrvs9kIL4:MBN9A5CAeCRpTHMbL0gU6+ka4

Score

10^/10

njrat r77 rootkit trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/NGROKC/CTC/raw/main/CTC64.dll

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/NGROKC/CTC/raw/main/CTC86.dll

Targets

- Target
  
  6f2bf69913f6bf47a6ae722c9640a311
- Size
  
  46KB
- MD5
  
  6f2bf69913f6bf47a6ae722c9640a311
- SHA1
  
  5aa0c1acc2c56f283a9694f4953f6085f0b0059d
- SHA256
  
  8920797352a55d0413ab4642e7e2dcd049d702678f6870f6f58ac64e814e5720
- SHA512
  
  0721b0c5ad0ce0049609da9f59359fb5d895005342f87697683c9ffbb63213b125c8c81f55dfef50b7678b0f52ad3707d8c4cbdfadb64b8136f236bb3a30164c
- SSDEEP
  
  768:MB9QFE9xTu53yAeC1lNhTTHxAlbL0gUqrvs9kIL4:MBN9A5CAeCRpTHMbL0gU6+ka4
Score

10^/10

njrat trojan r77 rootkit
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- r77
  r77 is an open-source, userland rootkit.
  rootkit r77
- r77 rootkit payload
  Detects the payload of the r77 rootkit.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratr77rootkittrojan