njrat | 3ce4f1864d97c5a67c5e7cc2b95bbb41c04f543b87a79e536d8cc967f230f5ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ce4f1864d97c5a67c5e7cc2b95bbb41c04f543b87a79e536d8cc967f230f5efN.exe
Size

158KB
Sample

241230-wpjm6aslak
MD5

23a40c967d707eade5cfe85155482ed0
SHA1

031f1da1325b3a766825d5b0fa6d6f8861a17887
SHA256

3ce4f1864d97c5a67c5e7cc2b95bbb41c04f543b87a79e536d8cc967f230f5ef
SHA512

37f33673d920a1b170e34c7ae9e1d50a7a1ad59ad1e34f5dd6b7b0e70ba543c8b9c5e101554a2ac9b08e1ebc392ef7a415178e17449ceaf522a8966619fce92a
SSDEEP

1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVXKXcwFtRWuqk:UVqoCl/YgjxEufVU0TbTyDDalRucwb0c

Score

10^/10

njrat hacked discovery evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

feacebook.us.to:4444

Mutex

09a96e8bdcc22f9e796248ee9591454a

Attributes

reg_key
09a96e8bdcc22f9e796248ee9591454a
splitter
|'|'|

Targets

- Target
  
  3ce4f1864d97c5a67c5e7cc2b95bbb41c04f543b87a79e536d8cc967f230f5efN.exe
- Size
  
  158KB
- MD5
  
  23a40c967d707eade5cfe85155482ed0
- SHA1
  
  031f1da1325b3a766825d5b0fa6d6f8861a17887
- SHA256
  
  3ce4f1864d97c5a67c5e7cc2b95bbb41c04f543b87a79e536d8cc967f230f5ef
- SHA512
  
  37f33673d920a1b170e34c7ae9e1d50a7a1ad59ad1e34f5dd6b7b0e70ba543c8b9c5e101554a2ac9b08e1ebc392ef7a415178e17449ceaf522a8966619fce92a
- SSDEEP
  
  1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVXKXcwFtRWuqk:UVqoCl/YgjxEufVU0TbTyDDalRucwb0c
Score

10^/10

njrat hacked discovery trojan evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2

njrathackeddiscoveryevasionpersistencetrojan