njrat | c3d4926f7dc1a953eb062f469e7c6e72432e2872e38e125c422f1240a8de3832 | Triage

Sharing

General

Target

c3d4926f7dc1a953eb062f469e7c6e72432e2872e38e125c422f1240a8de3832N.exe
Size

172KB
Sample

241231-b626lszret
MD5

261848a51883c136a6c377f9e3829e70
SHA1

64280ed890cb9fe4d241626f85e8e02a59c04973
SHA256

c3d4926f7dc1a953eb062f469e7c6e72432e2872e38e125c422f1240a8de3832
SHA512

b74c7a2f8142703bbd2717faf5222dd8caf9adb22b9e54124bbe3e0e61eeeca849f730cdccd616572868c0e3ea3c79181ef6a5d8aee1dfc48e9642b582ba44ef
SSDEEP

3072:UVqoCl/YgjxEufVU0TbTyDDalR5n93273/+yJKi:UsLqdufVUNDa9932aA

Score

10^/10

njrat paket discovery evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

pakEt

C2

condition-clearance.gl.at.ply.gg:7070

Mutex

9d3a575fdcc2dd1782d18ac5655a8b28

Attributes

reg_key
9d3a575fdcc2dd1782d18ac5655a8b28
splitter
|'|'|

Targets

- Target
  
  c3d4926f7dc1a953eb062f469e7c6e72432e2872e38e125c422f1240a8de3832N.exe
- Size
  
  172KB
- MD5
  
  261848a51883c136a6c377f9e3829e70
- SHA1
  
  64280ed890cb9fe4d241626f85e8e02a59c04973
- SHA256
  
  c3d4926f7dc1a953eb062f469e7c6e72432e2872e38e125c422f1240a8de3832
- SHA512
  
  b74c7a2f8142703bbd2717faf5222dd8caf9adb22b9e54124bbe3e0e61eeeca849f730cdccd616572868c0e3ea3c79181ef6a5d8aee1dfc48e9642b582ba44ef
- SSDEEP
  
  3072:UVqoCl/YgjxEufVU0TbTyDDalR5n93273/+yJKi:UsLqdufVUNDa9932aA
Score

10^/10

njrat paket discovery evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpaketdiscoveryevasionpersistencetrojan

behavioral2

njratpaketdiscoveryevasionpersistencetrojan