njrat | 590383f4bc81eb472544475d3f93b43967d12d499a1bc46e031d7cd5001d348c | Triage

Sharing

General

Target

2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp
Size

8.8MB
Sample

241007-k91xdsxerk
MD5

dc12c3ed6545883e412fd53aee9f9bc8
SHA1

745727e55ea35ef91fdae244f1d09f146309090c
SHA256

590383f4bc81eb472544475d3f93b43967d12d499a1bc46e031d7cd5001d348c
SHA512

eef34bca2e27e0e1ea61c12d82a85407a852b7ef236c4d6a91ec2e85a9be4a85219363759dbb2db23744c7772b9ccd0209977621a681f1345fa5754bfe30be4c
SSDEEP

196608:Ryz6ERB80Yd/m9r8IstNEcOq+OM2OYje:RI6ERBud/m9rmDOezj

Score

10^/10

njrat hacked discovery persistence themida trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

still-obviously.gl.at.ply.gg:46857

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp
- Size
  
  8.8MB
- MD5
  
  dc12c3ed6545883e412fd53aee9f9bc8
- SHA1
  
  745727e55ea35ef91fdae244f1d09f146309090c
- SHA256
  
  590383f4bc81eb472544475d3f93b43967d12d499a1bc46e031d7cd5001d348c
- SHA512
  
  eef34bca2e27e0e1ea61c12d82a85407a852b7ef236c4d6a91ec2e85a9be4a85219363759dbb2db23744c7772b9ccd0209977621a681f1345fa5754bfe30be4c
- SSDEEP
  
  196608:Ryz6ERB80Yd/m9r8IstNEcOq+OM2OYje:RI6ERBud/m9rmDOezj
Score

10^/10

njrat hacked discovery persistence themida trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

themidahackednjrat

behavioral1

behavioral2

njrathackeddiscoverypersistencethemidatrojan