njrat | d33937a6d70570f745c73a0a8081124cdd6905027fffdc434e668e2e3441bb71 | Triage

Sharing

General

Target

pen.exe
Size

448KB
Sample

241004-qa43navhjl
MD5

92f0e23bae710d6a01fdd0fc4182b403
SHA1

6d5c588fa083d42089d1fd7f0a7a58afeeb40db4
SHA256

d33937a6d70570f745c73a0a8081124cdd6905027fffdc434e668e2e3441bb71
SHA512

bd449da740b97d4d542108be81fb6ca0bac92e4047205eb77c14d83822e4655b03b02a11fdee803c19fc5e722dd9c45824bb35f0f60397ad43eb2e2757e39eca
SSDEEP

6144:F61E/QSnxoEMTlXEulocTUtVMzVtoEJUU/rhg3sjPWHwNsJLtBU/:F6ErxJMTtEulPUfMzVWU/NZAtY

Score

10^/10

njrat lk discovery trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

lk

C2

main-peers.at.ply.gg:14391

Mutex

10dbba546f79cfd65d5be18f9b8967bc

Attributes

reg_key
10dbba546f79cfd65d5be18f9b8967bc
splitter
|'|'|

Targets

- Target
  
  pen.exe
- Size
  
  448KB
- MD5
  
  92f0e23bae710d6a01fdd0fc4182b403
- SHA1
  
  6d5c588fa083d42089d1fd7f0a7a58afeeb40db4
- SHA256
  
  d33937a6d70570f745c73a0a8081124cdd6905027fffdc434e668e2e3441bb71
- SHA512
  
  bd449da740b97d4d542108be81fb6ca0bac92e4047205eb77c14d83822e4655b03b02a11fdee803c19fc5e722dd9c45824bb35f0f60397ad43eb2e2757e39eca
- SSDEEP
  
  6144:F61E/QSnxoEMTlXEulocTUtVMzVtoEJUU/rhg3sjPWHwNsJLtBU/:F6ErxJMTtEulPUfMzVWU/NZAtY
Score

10^/10

njrat lk discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratlkdiscoverytrojan