njrat | 639d28b15f1b7eacb0643ec4d0d01f616c67331e4922ff70fb0c11d159a71722 | Triage

Sharing

General

Target

639d28b15f1b7eacb0643ec4d0d01f616c67331e4922ff70fb0c11d159a71722.exe
Size

32KB
Sample

240927-yjajeawenl
MD5

d215d82add10de20937f053fec9f0569
SHA1

65646c8357ca589202b7aa930a63204241940520
SHA256

639d28b15f1b7eacb0643ec4d0d01f616c67331e4922ff70fb0c11d159a71722
SHA512

17ce160fd3e7f4e711ef9514e5b254e7f4ffd82c922ae262873de5de70c41648546bb8f18c0aadb30fc2d50413cf6d98efb6c1381c24a082d76edab8a4d3544c
SSDEEP

384:8Vit2wUQCG+JexvsiOrhAh9kLAZFPI+uT00olDModg9TdFpyFEIGsJjwE7UMcrio:LiGtUrrhAAA/iouDbEEIGfRh+f

Score

10^/10

njrat hacked by hidden person discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

6b39b87ae598b13f573812c34bd0e980

Attributes

reg_key
6b39b87ae598b13f573812c34bd0e980

Targets

- Target
  
  639d28b15f1b7eacb0643ec4d0d01f616c67331e4922ff70fb0c11d159a71722.exe
- Size
  
  32KB
- MD5
  
  d215d82add10de20937f053fec9f0569
- SHA1
  
  65646c8357ca589202b7aa930a63204241940520
- SHA256
  
  639d28b15f1b7eacb0643ec4d0d01f616c67331e4922ff70fb0c11d159a71722
- SHA512
  
  17ce160fd3e7f4e711ef9514e5b254e7f4ffd82c922ae262873de5de70c41648546bb8f18c0aadb30fc2d50413cf6d98efb6c1381c24a082d76edab8a4d3544c
- SSDEEP
  
  384:8Vit2wUQCG+JexvsiOrhAh9kLAZFPI+uT00olDModg9TdFpyFEIGsJjwE7UMcrio:LiGtUrrhAAA/iouDbEEIGfRh+f
Score

10^/10

njrat hacked by hidden person discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hacked by hidden personnjrat

behavioral1

njrathacked by hidden persondiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan