njrat | f17fd9ff93d1b3db6c3e4463d5ca5c11b99827890c58721d2860df75d4323705 | Triage

Submit
Reports

Overview

overview

Static

static

3

d33dec2799...53.exe

windows7-x64

d33dec2799...53.exe

windows10-2004-x64

Sharing

General

Target

d33dec279966da2024c05d5fde688253
Size

1.2MB
Sample

240318-l75y1aeb85
MD5

d33dec279966da2024c05d5fde688253
SHA1

74bde021ba65fdd33fd420568b6a2da406ac07e8
SHA256

f17fd9ff93d1b3db6c3e4463d5ca5c11b99827890c58721d2860df75d4323705
SHA512

67ec505fb9305493699af82de2054ebedcf033867bd9cd14bac7fef392d5f69ce9aaa61a408e67f346153aaa05c1c65aff8e0c63d99477bd04fc6e25c4262fd8
SSDEEP

24576:ANA3R5drXPrfi4T6sNNuT0Zb7mnyxuYuroyvUC0l6:55jl6GuT0tmNTrTsCe6

Score

10^/10

njrat gold trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d33dec279966da2024c05d5fde688253.exe

Resource

win7-20240221-en

njrat gold trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d33dec279966da2024c05d5fde688253.exe

Resource

win10v2004-20240226-en

njrat gold trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

20

Botnet

gold

C2

149.248.52.61:87

Mutex

165d6ed988ac

Attributes

reg_key
165d6ed988ac
splitter
|'|'|

Targets

- Target
  
  d33dec279966da2024c05d5fde688253
- Size
  
  1.2MB
- MD5
  
  d33dec279966da2024c05d5fde688253
- SHA1
  
  74bde021ba65fdd33fd420568b6a2da406ac07e8
- SHA256
  
  f17fd9ff93d1b3db6c3e4463d5ca5c11b99827890c58721d2860df75d4323705
- SHA512
  
  67ec505fb9305493699af82de2054ebedcf033867bd9cd14bac7fef392d5f69ce9aaa61a408e67f346153aaa05c1c65aff8e0c63d99477bd04fc6e25c4262fd8
- SSDEEP
  
  24576:ANA3R5drXPrfi4T6sNNuT0Zb7mnyxuYuroyvUC0l6:55jl6GuT0tmNTrTsCe6
Score

10^/10

njrat gold trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratgoldtrojan

behavioral2

njratgoldtrojan

© 2018-2024

Terms | Privacy