njrat | 2ca5d6bd734ac603e9c5064611ee6f0fab62005a85ffdb9e1c180aa4e0a18353 | Triage

Sharing

General

Target

0x0009000000016af7-8.dat
Size

27KB
Sample

241102-z6549swdlm
MD5

d010a1a6e4e73e19b88c1f280c417a43
SHA1

99ac6501fee007d1ea4409ce9a1535d7298acc90
SHA256

2ca5d6bd734ac603e9c5064611ee6f0fab62005a85ffdb9e1c180aa4e0a18353
SHA512

b21fa039145b9b4e37686fe420d012b8d7c61913f5db237f56e4bc4ee14f90cb21aeb33f2f2f359ee6d4626230e278c6de860b1b79e48861f027a6c7c571d645
SSDEEP

384:cLBBi/W/7mgEp87wYK2GePqZhbMzAQk93vmhm7UMKmIEecKdbXTzm9bVhcac6urZ:6W/sqoHTzA/vMHTi9bD

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

94.46.207.10:1177

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  0x0009000000016af7-8.dat
- Size
  
  27KB
- MD5
  
  d010a1a6e4e73e19b88c1f280c417a43
- SHA1
  
  99ac6501fee007d1ea4409ce9a1535d7298acc90
- SHA256
  
  2ca5d6bd734ac603e9c5064611ee6f0fab62005a85ffdb9e1c180aa4e0a18353
- SHA512
  
  b21fa039145b9b4e37686fe420d012b8d7c61913f5db237f56e4bc4ee14f90cb21aeb33f2f2f359ee6d4626230e278c6de860b1b79e48861f027a6c7c571d645
- SSDEEP
  
  384:cLBBi/W/7mgEp87wYK2GePqZhbMzAQk93vmhm7UMKmIEecKdbXTzm9bVhcac6urZ:6W/sqoHTzA/vMHTi9bD
Score

10^/10

njrat hacked discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

njrathackeddiscoverypersistencetrojan