njrat | 81fbdbaf4a7ed22ef0829ee101a808a916e023f74b370a108869770037c61ea3 | Triage

Resubmissions

22-02-2024 14:33

240222-rw92gabe84 10

22-02-2024 14:32

240222-rv9pbabe57 1

Sharing

General

Target

downloadf-5984vghm1-rar.html
Size

17KB
Sample

240222-rw92gabe84
MD5

d6fa5fb91e78e7e43a66729cf87665ff
SHA1

ea3765b6c84bddeb8a006463621e699fd413097f
SHA256

81fbdbaf4a7ed22ef0829ee101a808a916e023f74b370a108869770037c61ea3
SHA512

4b9d0e95643770f04e51cdeca4af17b5e6bd6870c406772a7e2336634ba1073db0d269f90c6f204f9845272be55d2a9f0d330ff33915ce12577835ad8d10b99a
SSDEEP

384:BfRIjUDGO2G9kLL9jl+dVchxMhZCUtiPziMKxv0uldCjw/vZWrFV:BfRIjUDGO2G9kLL9jl+dVc2cLKxXdCgU

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

mawkly939.hopto.org:1177

Mutex

df6c55d0ce38f2eb5def2187b310e673

Attributes

reg_key
df6c55d0ce38f2eb5def2187b310e673
splitter
|'|'|

Targets

- Target
  
  downloadf-5984vghm1-rar.html
- Size
  
  17KB
- MD5
  
  d6fa5fb91e78e7e43a66729cf87665ff
- SHA1
  
  ea3765b6c84bddeb8a006463621e699fd413097f
- SHA256
  
  81fbdbaf4a7ed22ef0829ee101a808a916e023f74b370a108869770037c61ea3
- SHA512
  
  4b9d0e95643770f04e51cdeca4af17b5e6bd6870c406772a7e2336634ba1073db0d269f90c6f204f9845272be55d2a9f0d330ff33915ce12577835ad8d10b99a
- SSDEEP
  
  384:BfRIjUDGO2G9kLL9jl+dVchxMhZCUtiPziMKxv0uldCjw/vZWrFV:BfRIjUDGO2G9kLL9jl+dVc2cLKxXdCgU
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedevasionpersistencetrojan