njrat | 85fe87ea771624f0298537eaa5125fabdd4030c905fef48dc378edf9d8563e8b | Triage

Sharing

General

Target

85fe87ea771624f0298537eaa5125fabdd4030c905fef48dc378edf9d8563e8b
Size

16KB
Sample

240419-v4nd8aag44
MD5

c7ce8674978121254fd1a65f7846f049
SHA1

76d61846aab492231678d13a6ece67708109a233
SHA256

85fe87ea771624f0298537eaa5125fabdd4030c905fef48dc378edf9d8563e8b
SHA512

f960a6a416a8a4152c7cae3041284f4f3a8e2bfdadcc65f16e643406bdb1b3a59f195c32a530b12efc44fa96161bd8aaf3b5d8206873790e704a2521354ed1a8
SSDEEP

384:45wUDliipXrmZCUwVso2cpdG/f/Ei98a4qdkf95u6s:0liEXrZUwVJ2c/A39f+fa5

Score

10^/10

njrat max evasion trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

MAX

C2

0.tcp.eu.ngrok.io:13241

Mutex

0557bafb14c73fcc927e4c1c97522cd6

Attributes

reg_key
0557bafb14c73fcc927e4c1c97522cd6
splitter
|'|'|

Targets

- Target
  
  6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f.exe
- Size
  
  37KB
- MD5
  
  a78337c1b891d73341d4012dc77fbea1
- SHA1
  
  e80f17b9e3650d9461234efe9cbca0cd96b0b0fb
- SHA256
  
  6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f
- SHA512
  
  7c21e0680442c2c170cd494e32709c367e47a955ac2e61dd1f223e31ef5d400cb11eb2d5420943cc343c05df0b1b654575d2e7364f1706e42c664af4f4d0df73
- SSDEEP
  
  384:q2aIiudjtD+P3V+y0b3+LCtf1QseiXFrAF+rMRTyN/0L+EcoinblneHQM3epzXKL:TFmV10b3+LCtCViVrM+rMRa8NuzWt
Score

10^/10

njrat max evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratmaxevasiontrojan

behavioral2

njratmaxevasiontrojan