njrat | 95552ba8792c194f1440f23ab9217b0b9d70105acea152e2b1244a5e22236092 | Triage

Sharing

General

Target

95552ba8792c194f1440f23ab9217b0b9d70105acea152e2b1244a5e22236092
Size

14KB
Sample

240419-vavansae6s
MD5

96699c74fb14d927013bdb47c817360c
SHA1

6964a43a1fe2785f309dc15b57e40f09fccbf526
SHA256

95552ba8792c194f1440f23ab9217b0b9d70105acea152e2b1244a5e22236092
SHA512

50103fa83cf904439aa4f8e1270ba020827c409e144d00a17b9e0c43b380dcb8a7876e10af3b6c92273d2aab3806e1ad1ed665d9d8ec8fb628ec7c6877b4d45a
SSDEEP

384:DvLjzlEBkgtaFPu+BiXVGZJ1qN7keZ3MmvCPWqQrlHC:Dvfzwkgtalu9XYbqqu3tvCPWTrlC

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

172.20.6.206:1992

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9.exe
- Size
  
  31KB
- MD5
  
  a5ad2d1796744144d739569bb466b307
- SHA1
  
  42de0164c8cbd9b6c64100de720d2e0c49ebcb77
- SHA256
  
  d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9
- SHA512
  
  45fa09478a871a75f4650a56529632bfddf93990819c6d5212753325305a7946c631076897b13e62297136ae26db064fef701dea23453ea504b4c2517d5e74b9
- SSDEEP
  
  384:c8LBBi/W/7mgEp87wYK2GePqZhbM2AQk93vmhm7UMKmIEecKdbXTzm9bVhcaO6fd:5W/sqoHT2A/vMHTi9bD/Qz1n
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2