njrat | 4c4a405e23f317a69e5dd5428ece6902600c6d0a31f29cc5eb3416514a42ce29 | Triage

Sharing

General

Target

test3.exe
Size

37KB
Sample

241225-pc6htssqaq
MD5

2f771b3461d8ddc93842c39feca9bc44
SHA1

4814441916df2c5ae700ef8b380c25a59d119789
SHA256

4c4a405e23f317a69e5dd5428ece6902600c6d0a31f29cc5eb3416514a42ce29
SHA512

28efaa86ee085bc9e0e5cafa5afefd2bc028479cc9a4019f9b86ae921bbf658bb2cfa0340a8de99fa2e1dcf71abd6960f3af67c01256f23c92b87cda02b3e06e
SSDEEP

384:Rc3Vqi0PJZtbH9KyM+2LzmQnfSsWQLarAF+rMRTyN/0L+EcoinblneHQM3epzXTT:eYJ95M+2L6Q6tQurM+rMRa8NuFRt

Score

10^/10

njrat zona loxov discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

ZONA LOXOV

C2

prapor03212.ddns.net:1527

Mutex

80b27082d3ac717de5243f17973af804

Attributes

reg_key
80b27082d3ac717de5243f17973af804
splitter
|'|'|

Targets

- Target
  
  test3.exe
- Size
  
  37KB
- MD5
  
  2f771b3461d8ddc93842c39feca9bc44
- SHA1
  
  4814441916df2c5ae700ef8b380c25a59d119789
- SHA256
  
  4c4a405e23f317a69e5dd5428ece6902600c6d0a31f29cc5eb3416514a42ce29
- SHA512
  
  28efaa86ee085bc9e0e5cafa5afefd2bc028479cc9a4019f9b86ae921bbf658bb2cfa0340a8de99fa2e1dcf71abd6960f3af67c01256f23c92b87cda02b3e06e
- SSDEEP
  
  384:Rc3Vqi0PJZtbH9KyM+2LzmQnfSsWQLarAF+rMRTyN/0L+EcoinblneHQM3epzXTT:eYJ95M+2L6Q6tQurM+rMRa8NuFRt
Score

10^/10

njrat zona loxov discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

zona loxovnjrat

behavioral1

njratzona loxovdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation