njrat | f857377bc716ab8482b4616dcff2565f1856ffee5d1a9f689e09e531e30b3687 | Triage

Sharing

General

Target

f857377bc716ab8482b4616dcff2565f1856ffee5d1a9f689e09e531e30b3687N
Size

1.5MB
Sample

241026-wdfr5awhqg
MD5

6a21cde8b8a7b0f807a7ee0dafb29da0
SHA1

713d148daafc2b5805cbca810fc2908e8a1b20ed
SHA256

f857377bc716ab8482b4616dcff2565f1856ffee5d1a9f689e09e531e30b3687
SHA512

d98a84ed7a08d239007d6fe4969619719dafc8351aad07028d2dca7c3b8e2abbe6d9e00631ffaf40e616166797b948e7f0afd869ab09f364fb5ba852ca402a30
SSDEEP

24576:4uDXTIGaPhEYzUzA0dfKxD4BUzQibSmCCIKHr8gUYEvtz97szUjtQ5GHG3:3Djlabwz98ZnzbbP5Hr8p1v0wQGHo

Score

10^/10

njrat paper vpn discovery trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

Paper VPN

C2

race-frequent.gl.at.ply.gg:32547

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  f857377bc716ab8482b4616dcff2565f1856ffee5d1a9f689e09e531e30b3687N
- Size
  
  1.5MB
- MD5
  
  6a21cde8b8a7b0f807a7ee0dafb29da0
- SHA1
  
  713d148daafc2b5805cbca810fc2908e8a1b20ed
- SHA256
  
  f857377bc716ab8482b4616dcff2565f1856ffee5d1a9f689e09e531e30b3687
- SHA512
  
  d98a84ed7a08d239007d6fe4969619719dafc8351aad07028d2dca7c3b8e2abbe6d9e00631ffaf40e616166797b948e7f0afd869ab09f364fb5ba852ca402a30
- SSDEEP
  
  24576:4uDXTIGaPhEYzUzA0dfKxD4BUzQibSmCCIKHr8gUYEvtz97szUjtQ5GHG3:3Djlabwz98ZnzbbP5Hr8p1v0wQGHo
Score

10^/10

njrat paper vpn discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpaper vpndiscoverytrojan

behavioral2

njratpaper vpndiscoverytrojan