njrat | 6c0836ba8e274b0b65000ede6dbb7d786101826b6f51ba808d88f0f36c8a67d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

200a92ad17110cb3dacc7387b12186c6.bin
Size

14KB
Sample

240422-bg5v7sdd35
MD5

f4abfd9f713b5787f63ff5bbcf1405c5
SHA1

aa3cd7dd01f6614aadf1b9e33b72563c3e49e615
SHA256

6c0836ba8e274b0b65000ede6dbb7d786101826b6f51ba808d88f0f36c8a67d1
SHA512

bd613ffb51967d4445908ba77aa726da37aa035bc86e6fb547ffa93b0c3c17c4df932f5874aae5034c7979579cdaa827ed5f997bb9942df773b5a70fbfa63b84
SSDEEP

384:PPhF7Db7vLxk106X7n9E/JEoEd9xVajleopw:XTzzq1JX7nmx6dacopw

Score

10^/10

njrat ok evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ok

C2

83.196.78.85:8080

Mutex

19447a578b6a3b2cdbc5a3dc3e7f5251

Attributes

reg_key
19447a578b6a3b2cdbc5a3dc3e7f5251
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  4685803ad19d283ca259f4af5fff5f0c397c0fe0c3032b663d0b99d510c4fcb6.exe
- Size
  
  31KB
- MD5
  
  200a92ad17110cb3dacc7387b12186c6
- SHA1
  
  6bee61858fbf3152f748b3dcdffe0509a8d30a57
- SHA256
  
  4685803ad19d283ca259f4af5fff5f0c397c0fe0c3032b663d0b99d510c4fcb6
- SHA512
  
  1edf29f9ebce81ce230829637a8ad672f8d389984bb020b43992aacbf47674b8f1e5e8af8d7eee1ae42b03c7334e0ccef175a868704fbb265eb4810cde50b0e7
- SSDEEP
  
  768:oJhOBb13hdwzxLy3gcEOvVMRvqfQmIDUu0tiBdj:gUZ6WZ6AQVkuj
Score

10^/10

njrat ok evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratokevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan