njrat | 3f3bada42f1509f4e1e64c0a84ceaf8d1a96db9c6254330d51c2e150c86eb061 | Triage

Sharing

General

Target

3f3bada42f1509f4e1e64c0a84ceaf8d1a96db9c6254330d51c2e150c86eb061.exe
Size

524KB
Sample

241206-yj36qatqaz
MD5

43fbab667475e2717bbfa907ac2b6786
SHA1

8d5af9836a8713aeed86424189d2cdb8b4318a8d
SHA256

3f3bada42f1509f4e1e64c0a84ceaf8d1a96db9c6254330d51c2e150c86eb061
SHA512

620ed0f8bbe926d4cce8474f4f70e29011bbcef2e3f7be74a6590d134a34f2781f478c4283626f9b53d8cf9054ae3ac83b1ff4d3ccdd67b94c6c24d43f79c474
SSDEEP

12288:irOj+Ri3AgFdNfsuqW8BDSkiqD7hWw+OwZkT:UQ3AgFsuqBXDPj

Score

10^/10

njrat hacked discovery execution trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

103.186.117.182:7788

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  3f3bada42f1509f4e1e64c0a84ceaf8d1a96db9c6254330d51c2e150c86eb061.exe
- Size
  
  524KB
- MD5
  
  43fbab667475e2717bbfa907ac2b6786
- SHA1
  
  8d5af9836a8713aeed86424189d2cdb8b4318a8d
- SHA256
  
  3f3bada42f1509f4e1e64c0a84ceaf8d1a96db9c6254330d51c2e150c86eb061
- SHA512
  
  620ed0f8bbe926d4cce8474f4f70e29011bbcef2e3f7be74a6590d134a34f2781f478c4283626f9b53d8cf9054ae3ac83b1ff4d3ccdd67b94c6c24d43f79c474
- SSDEEP
  
  12288:irOj+Ri3AgFdNfsuqW8BDSkiqD7hWw+OwZkT:UQ3AgFsuqBXDPj
Score

10^/10

njrat hacked discovery execution trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryexecutiontrojan

behavioral2

njrathackeddiscoveryexecutiontrojan