njrat | 172f10ae33196a11f01badca777c0479e888e27ab7852e4ec229ef4b3cf16a94 | Triage

Sharing

General

Target

172f10ae33196a11f01badca777c0479e888e27ab7852e4ec229ef4b3cf16a94N.exe
Size

72KB
Sample

250104-fq2blawjej
MD5

830c26f8622816db28843dbc86435e80
SHA1

4400c8a99cde6340a285936837dea78afdc74ccf
SHA256

172f10ae33196a11f01badca777c0479e888e27ab7852e4ec229ef4b3cf16a94
SHA512

5ab43dfb0a2bf1b6bf6923766887555adcd16fe57767e940ccf933220ce5508a3cf99086dd3a3fb4e49e93317ca9ce96b406cb9190c40602fe251dc71f6f5e2b
SSDEEP

768:2whjxxKg9TJy+fWsvzyVSAvckRl/95GaYlOEQ3A18/4yUdgdc4smWteEtN1V6ZPu:9xK8/yX0Al9wLlO057+OFkPdrSkJJZw

Score

10^/10

njrat trojan

Malware Config

Targets

- Target
  
  172f10ae33196a11f01badca777c0479e888e27ab7852e4ec229ef4b3cf16a94N.exe
- Size
  
  72KB
- MD5
  
  830c26f8622816db28843dbc86435e80
- SHA1
  
  4400c8a99cde6340a285936837dea78afdc74ccf
- SHA256
  
  172f10ae33196a11f01badca777c0479e888e27ab7852e4ec229ef4b3cf16a94
- SHA512
  
  5ab43dfb0a2bf1b6bf6923766887555adcd16fe57767e940ccf933220ce5508a3cf99086dd3a3fb4e49e93317ca9ce96b406cb9190c40602fe251dc71f6f5e2b
- SSDEEP
  
  768:2whjxxKg9TJy+fWsvzyVSAvckRl/95GaYlOEQ3A18/4yUdgdc4smWteEtN1V6ZPu:9xK8/yX0Al9wLlO057+OFkPdrSkJJZw
Score

10^/10

njrat trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2