njrat | 53bddbe7bc25e4103041bc18bd85f9feacdff9306aacc50b28bc89fb5fac3595 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

forkerbomb.exe
Size

37KB
Sample

240530-vjg2psff63
MD5

7e45ca42d9229d3304d6a7ef7431e7b2
SHA1

b8c6734417f7639afdefd99b836ef1de31679888
SHA256

53bddbe7bc25e4103041bc18bd85f9feacdff9306aacc50b28bc89fb5fac3595
SHA512

eb629ab51fb120d27d56a20f60580ff2c9fa4c45943ed308b4ca0ed2d994e082b608064099f85c7a3d8f048e8119ca74043b1883230df5bcbb84c88705480298
SSDEEP

384:alTMUiDHblmJEpRGyEfBffXNKCYyEAurAF+rMRTyN/0L+EcoinblneHQM3epzX78:ETqHpR9EfBfVKClEHrM+rMRa8Nu1Ut

Score

10^/10

njrat hacked evasion macos persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

19.ip.gl.ply.gg:45758

Mutex

cefc22da74b080e322f392168f5c3c86

Attributes

reg_key
cefc22da74b080e322f392168f5c3c86
splitter
|'|'|

Targets

- Target
  
  forkerbomb.exe
- Size
  
  37KB
- MD5
  
  7e45ca42d9229d3304d6a7ef7431e7b2
- SHA1
  
  b8c6734417f7639afdefd99b836ef1de31679888
- SHA256
  
  53bddbe7bc25e4103041bc18bd85f9feacdff9306aacc50b28bc89fb5fac3595
- SHA512
  
  eb629ab51fb120d27d56a20f60580ff2c9fa4c45943ed308b4ca0ed2d994e082b608064099f85c7a3d8f048e8119ca74043b1883230df5bcbb84c88705480298
- SSDEEP
  
  384:alTMUiDHblmJEpRGyEfBffXNKCYyEAurAF+rMRTyN/0L+EcoinblneHQM3epzX78:ETqHpR9EfBfVKClEHrM+rMRa8Nu1Ut
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Resource Forking

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

evasionpersistence

behavioral3