njrat | 0b12ff391a080d3b62c4ea0c2eba0a67eed8d26652c78a9f1654cb2e7213c20a | Triage

Sharing

General

Target

64d731b7bdbe7b1697fb1d97ca12505e_JaffaCakes118
Size

14KB
Sample

240521-1e17nsbb89
MD5

64d731b7bdbe7b1697fb1d97ca12505e
SHA1

82c98d771536d6207655afbce00fda763b9c362f
SHA256

0b12ff391a080d3b62c4ea0c2eba0a67eed8d26652c78a9f1654cb2e7213c20a
SHA512

e4e6361188e1e65e1621acd1b5a7ea1ac5a5a280ae3f07d1fb8804cd32caa538469d4dfa2e87f8b157d5a7bc248e8f7637e6a0627fdc1a55eb314ec10d5736c2
SSDEEP

384:/m0dWH0vos2ii8u+OjyzZc7BFzf+tjsQdHugSCJ5/ezd:RdWHNB+OjyOlFzcjsUugVod

Score

10^/10

njrat q evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

q

C2

192.168.1.3:7777

Mutex

ad0e8fb502ecf928942daab540ba981e

Attributes

reg_key
ad0e8fb502ecf928942daab540ba981e
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  CL.exe
- Size
  
  31KB
- MD5
  
  d7e87763288419fb13d503ebb46bfbf2
- SHA1
  
  54b7f3497b1ac1767fbe9f830e9feba03482518b
- SHA256
  
  02879d94414bb75a4167bea440b3e538e13ddcb325a66d88404629afc83395dd
- SHA512
  
  6ccf406712260b1508347df04fc4e002f7572b04a974b203f0522132fa0051b1dc4e12710dba711cd54c3ee1e5bfa6b8f007ad214038c187c0eb924080fe7132
- SSDEEP
  
  768:+dQZlGFnf6zxV+Ny/kfxfbvCYoQmIDUu0ti0zGj:1Iq8bnoQVkej
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan