njrat | e1fdf894780ccf149939a72dffb6e8046ac62810fda22a8c8bab0f4fe0bbf70b | Triage

Sharing

General

Target

e1fdf894780ccf149939a72dffb6e8046ac62810fda22a8c8bab0f4fe0bbf70b.exe
Size

103KB
Sample

241122-lebjpatqem
MD5

61fd98dbc93dae448c37f01db0724adc
SHA1

92e9d04549511a5fd92f1c3dc3b6e14bdd7d30a6
SHA256

e1fdf894780ccf149939a72dffb6e8046ac62810fda22a8c8bab0f4fe0bbf70b
SHA512

cf3b513b9a02ed4f10df583bc083898b96b565fbd5dc8164ce0a38de10f53c6f0416178b54e63337f5b099b6d981fa73a548544345b870ffb68317262ae88f2f
SSDEEP

1536:J7SbmW9xXfy0AeX9kSNvnyY21oFhWzc9PkykrIxFZEb8t/FT:J7SbJ9ZX9kqKY21Bqk0Zf

Score

10^/10

njrat discovery trojan

Malware Config

Targets

- Target
  
  e1fdf894780ccf149939a72dffb6e8046ac62810fda22a8c8bab0f4fe0bbf70b.exe
- Size
  
  103KB
- MD5
  
  61fd98dbc93dae448c37f01db0724adc
- SHA1
  
  92e9d04549511a5fd92f1c3dc3b6e14bdd7d30a6
- SHA256
  
  e1fdf894780ccf149939a72dffb6e8046ac62810fda22a8c8bab0f4fe0bbf70b
- SHA512
  
  cf3b513b9a02ed4f10df583bc083898b96b565fbd5dc8164ce0a38de10f53c6f0416178b54e63337f5b099b6d981fa73a548544345b870ffb68317262ae88f2f
- SSDEEP
  
  1536:J7SbmW9xXfy0AeX9kSNvnyY21oFhWzc9PkykrIxFZEb8t/FT:J7SbJ9ZX9kqKY21Bqk0Zf
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan