njrat | b3d9bdfea091d460753d3a1b787ef95dae81a7b67ac58b8560b40efd0ce52065 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3d9bdfea091d460753d3a1b787ef95dae81a7b67ac58b8560b40efd0ce52065.exe
Size

804KB
Sample

240604-pxxfnagg63
MD5

891268785e8fda537a73363e1e5ebbaa
SHA1

6dd788c34a3a64a5087d143a05c538ae6a2726b2
SHA256

b3d9bdfea091d460753d3a1b787ef95dae81a7b67ac58b8560b40efd0ce52065
SHA512

0767b072740bc814aea0764f410bb6118e1eafbbd671be382bd20431676e484adf34a983364672e0b1210b97d0f38b2ca0b8a25be424b978a8286d4c058d1b56
SSDEEP

12288:iHcvn0+xAEkHcvn0+xAEkHcvn0+xAEkHcvn0+xAE/2iNcHcvn0+xAES4kDmbDm0C:jTPTPTPTt13T4mbS0Kt

Score

10^/10

njrat fifa 09 evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

FIFA 09

C2

seznam.zapto.org:1177

Mutex

69fac9529d1ca1e2d66c9edf70af1f9d

Attributes

reg_key
69fac9529d1ca1e2d66c9edf70af1f9d
splitter
|'|'|

Targets

- Target
  
  b3d9bdfea091d460753d3a1b787ef95dae81a7b67ac58b8560b40efd0ce52065.exe
- Size
  
  804KB
- MD5
  
  891268785e8fda537a73363e1e5ebbaa
- SHA1
  
  6dd788c34a3a64a5087d143a05c538ae6a2726b2
- SHA256
  
  b3d9bdfea091d460753d3a1b787ef95dae81a7b67ac58b8560b40efd0ce52065
- SHA512
  
  0767b072740bc814aea0764f410bb6118e1eafbbd671be382bd20431676e484adf34a983364672e0b1210b97d0f38b2ca0b8a25be424b978a8286d4c058d1b56
- SSDEEP
  
  12288:iHcvn0+xAEkHcvn0+xAEkHcvn0+xAEkHcvn0+xAE/2iNcHcvn0+xAES4kDmbDm0C:jTPTPTPTt13T4mbS0Kt
Score

10^/10

njrat fifa 09 evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratfifa 09evasionpersistencetrojan

behavioral2

njratfifa 09evasionpersistencetrojan