njrat | 3ce2612c8d59e06c0aac8e466e37efd8d07a2c4c91e5c894e44d8ec069aac668 | Triage

Sharing

General

Target

3ce2612c8d59e06c0aac8e466e37efd8d07a2c4c91e5c894e44d8ec069aac668.exe
Size

23KB
Sample

240523-bq89zsge69
MD5

ef3997fba7e285c97c28140e51928249
SHA1

66734f8816697b868d9dd1dafb49ad1c3a153755
SHA256

3ce2612c8d59e06c0aac8e466e37efd8d07a2c4c91e5c894e44d8ec069aac668
SHA512

5422450cc95c23bffd47ba84acd489ac3997ffdb3851c167fb6925ca011afa0be5d0ed0a619b095cd3ee1f52ea9d14000e864b2cd577ab301ee65714cc7c1966
SSDEEP

384:68aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZZr:9Xcwt3tRpcnu6

Score

10^/10

njrat t1 evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

t1

C2

10.9.203.254:3131

Mutex

969f98392400891a1a1da27da68a2a1d

Attributes

reg_key
969f98392400891a1a1da27da68a2a1d
splitter
|'|'|

Targets

- Target
  
  3ce2612c8d59e06c0aac8e466e37efd8d07a2c4c91e5c894e44d8ec069aac668.exe
- Size
  
  23KB
- MD5
  
  ef3997fba7e285c97c28140e51928249
- SHA1
  
  66734f8816697b868d9dd1dafb49ad1c3a153755
- SHA256
  
  3ce2612c8d59e06c0aac8e466e37efd8d07a2c4c91e5c894e44d8ec069aac668
- SHA512
  
  5422450cc95c23bffd47ba84acd489ac3997ffdb3851c167fb6925ca011afa0be5d0ed0a619b095cd3ee1f52ea9d14000e864b2cd577ab301ee65714cc7c1966
- SSDEEP
  
  384:68aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZZr:9Xcwt3tRpcnu6
Score

10^/10

njrat t1 evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratt1evasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan