njrat | fbfea1db4497202597c91cfda1d44136e85ca74fbf780baab2f1b1520c724cd8 | Triage

Sharing

General

Target

fbfea1db4497202597c91cfda1d44136e85ca74fbf780baab2f1b1520c724cd8.exe
Size

23KB
Sample

241001-r4tpfsyfpd
MD5

3ff1c9a4374b6796cdd642efab97169f
SHA1

8a7f3f69324b3dceb8e1aecae2dbf6fbe9f65693
SHA256

fbfea1db4497202597c91cfda1d44136e85ca74fbf780baab2f1b1520c724cd8
SHA512

804aa71e6b883973e7978e39d2724784c978ab1c1ec741fa2544968273cabd771907321f5918408880a0f15b38f1db9080889f27d6830c0853da8b5098654874
SSDEEP

384:iluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZqZY:1OmhtIiRpcnulY

Score

10^/10

njrat 내따꽈리 discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

내따꽈리

C2

asdgdcvxzcv.kro.kr:2222

Mutex

651deda00b27ab86d974483926aa2300

Attributes

reg_key
651deda00b27ab86d974483926aa2300
splitter
|'|'|

Targets

- Target
  
  fbfea1db4497202597c91cfda1d44136e85ca74fbf780baab2f1b1520c724cd8.exe
- Size
  
  23KB
- MD5
  
  3ff1c9a4374b6796cdd642efab97169f
- SHA1
  
  8a7f3f69324b3dceb8e1aecae2dbf6fbe9f65693
- SHA256
  
  fbfea1db4497202597c91cfda1d44136e85ca74fbf780baab2f1b1520c724cd8
- SHA512
  
  804aa71e6b883973e7978e39d2724784c978ab1c1ec741fa2544968273cabd771907321f5918408880a0f15b38f1db9080889f27d6830c0853da8b5098654874
- SSDEEP
  
  384:iluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZqZY:1OmhtIiRpcnulY
Score

10^/10

njrat 내따꽈리 discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

내따꽈리njrat

behavioral1

njrat내따꽈리discoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan