njrat | e617b6f2693165f8d2def1bc6da8f614654ce49383170fdca1891da85d333554 | Triage

Sharing

General

Target

e617b6f2693165f8d2def1bc6da8f614654ce49383170fdca1891da85d333554N.exe
Size

591KB
Sample

250108-jfjkkssmfq
MD5

7ad563d1d370af1e8d8e5b6cb5d8ce00
SHA1

066d80afc7a9ec1d9f9132973c130e134757e4d8
SHA256

e617b6f2693165f8d2def1bc6da8f614654ce49383170fdca1891da85d333554
SHA512

06f2fb0f30cbb15a46f4a414eff01db68f9a820a4ad6a0b1f93f61290cef9e6e3ad16c7277ea4d0976e607c80fc5ffc6a30b81abc4d5a51657a458fb8ed75d6f
SSDEEP

6144:lHagJcX+kTQvQDfQFkw01BJWJP98V24rIl3PafNSINywRtF/NZAWP6gH1z7OStK:1cO3QDPBMJKVO/afzNywRt5NmY6E

Score

10^/10

njrat discovery trojan

Malware Config

Targets

- Target
  
  e617b6f2693165f8d2def1bc6da8f614654ce49383170fdca1891da85d333554N.exe
- Size
  
  591KB
- MD5
  
  7ad563d1d370af1e8d8e5b6cb5d8ce00
- SHA1
  
  066d80afc7a9ec1d9f9132973c130e134757e4d8
- SHA256
  
  e617b6f2693165f8d2def1bc6da8f614654ce49383170fdca1891da85d333554
- SHA512
  
  06f2fb0f30cbb15a46f4a414eff01db68f9a820a4ad6a0b1f93f61290cef9e6e3ad16c7277ea4d0976e607c80fc5ffc6a30b81abc4d5a51657a458fb8ed75d6f
- SSDEEP
  
  6144:lHagJcX+kTQvQDfQFkw01BJWJP98V24rIl3PafNSINywRtF/NZAWP6gH1z7OStK:1cO3QDPBMJKVO/afzNywRt5NmY6E
Score

10^/10

discovery njrat trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratdiscoverytrojan