njrat | a653e4c1521fd408b227bc19b177c072dc2a094416818638df26a0237054fe7c | Triage

Sharing

General

Target

a653e4c1521fd408b227bc19b177c072dc2a094416818638df26a0237054fe7c.exe
Size

37KB
Sample

240927-yay6eayalh
MD5

9f7663bbbedf3509ef1d79c32b9886c6
SHA1

15d2091ec8efc4fe05f86472516f3ccedbcffda0
SHA256

a653e4c1521fd408b227bc19b177c072dc2a094416818638df26a0237054fe7c
SHA512

f8f6c5630950bde3f6af3f4282bfc3cb9182b7e6dbe2b822c793a1fdf0b87d30f9419814c9937bcf8b0b7ab491104273dd5df78aa5d3e30a33cc8c22729b4a9d
SSDEEP

384:BDCnFqi0fJZtbH9KyM+27zmAHPXs2A7qrAF+rMRTyN/0L+EcoinblneHQM3epzXv:UoJ95M+276AvtAurM+rMRa8NunMhMt

Score

10^/10

njrat hacked by killer discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed By KiLLeR

C2

killerfo22.ddns.net:1177

Mutex

0ff598d62c6af797fc0d9c7cb85c8987

Attributes

reg_key
0ff598d62c6af797fc0d9c7cb85c8987
splitter
|'|'|

Targets

- Target
  
  a653e4c1521fd408b227bc19b177c072dc2a094416818638df26a0237054fe7c.exe
- Size
  
  37KB
- MD5
  
  9f7663bbbedf3509ef1d79c32b9886c6
- SHA1
  
  15d2091ec8efc4fe05f86472516f3ccedbcffda0
- SHA256
  
  a653e4c1521fd408b227bc19b177c072dc2a094416818638df26a0237054fe7c
- SHA512
  
  f8f6c5630950bde3f6af3f4282bfc3cb9182b7e6dbe2b822c793a1fdf0b87d30f9419814c9937bcf8b0b7ab491104273dd5df78aa5d3e30a33cc8c22729b4a9d
- SSDEEP
  
  384:BDCnFqi0fJZtbH9KyM+27zmAHPXs2A7qrAF+rMRTyN/0L+EcoinblneHQM3epzXv:UoJ95M+276AvtAurM+rMRa8NunMhMt
Score

10^/10

njrat hacked by killer discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hacked by killernjrat

behavioral1

njrathacked by killerdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation