njrat | 6c5a5e171e68cad9819bfa3e616ddd784bc33ce6b02f20a3a0b8a7f32219be6e

Resubmissions

12-01-2025 12:21

250112-pjfwravjfr 10

12-01-2025 11:42

250112-nt53ystkdr 10

Sharing

Copy URL

Twitter E-mail

General

Target

1.exe
Size

534KB
Sample

250112-nt53ystkdr
MD5

becb4157c10b13c03a7849a1169993fb
SHA1

390dc55b13cf5103c827bca9eae8eb076782e4e2
SHA256

6c5a5e171e68cad9819bfa3e616ddd784bc33ce6b02f20a3a0b8a7f32219be6e
SHA512

fa0c7a75d1e03af164e8529db1ce63f9f5bfc73e1ef47e3d261733c0089609733d20425bc2f37a979bb61c505d86af797a95e590871f5f2eb25af9ecf659fd7f
SSDEEP

12288:lJsGdIoz8g1czlSY2YKHss+Uqvnq3z0FLzYjKRkZ6UA:lOGOo/czlSY2VHsrUqveKRg

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

F9t family

japanese-cross.gl.at.ply.gg:16828

Mutex

0ecb0ae2cd4872c3a8e9ee19da99e4b8

Attributes

reg_key
0ecb0ae2cd4872c3a8e9ee19da99e4b8
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  1.exe
- Size
  
  534KB
- MD5
  
  becb4157c10b13c03a7849a1169993fb
- SHA1
  
  390dc55b13cf5103c827bca9eae8eb076782e4e2
- SHA256
  
  6c5a5e171e68cad9819bfa3e616ddd784bc33ce6b02f20a3a0b8a7f32219be6e
- SHA512
  
  fa0c7a75d1e03af164e8529db1ce63f9f5bfc73e1ef47e3d261733c0089609733d20425bc2f37a979bb61c505d86af797a95e590871f5f2eb25af9ecf659fd7f
- SSDEEP
  
  12288:lJsGdIoz8g1czlSY2YKHss+Uqvnq3z0FLzYjKRkZ6UA:lOGOo/czlSY2VHsrUqveKRg
Score

10^/10

njrat f9t family discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Njrat family

njRAT/Bladabindi

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2