njrat | 7cd2a6e49db953a85272081f68ed2fb26dcba2e1e4e23c667834698efd837d33 | Triage

Sharing

General

Target

e8fc3de9676ab8497431ef07b81b79f8.exe
Size

292KB
Sample

250129-sgq6gs1kfw
MD5

e8fc3de9676ab8497431ef07b81b79f8
SHA1

35dc1c30457357de4791ab34ac9a05313a883aa2
SHA256

7cd2a6e49db953a85272081f68ed2fb26dcba2e1e4e23c667834698efd837d33
SHA512

26242df26b55a62ca95e5d6cef9043ede595986fb7bf4eb0ca3b79776b3d5a3e44959d844b33f0b6dfc3374b30f3cc823fda6a45bc66b39a414a105193c23bad
SSDEEP

6144:IFmHGc98/zJ4I2K+qq74QJzAuN2WTf1Iv2N:IFmHGc98VF1q0QJz7NdOI

Score

10^/10

njrat vip@2025 defense_evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

VIP@2025

C2

volkatv500.sytes.net:999

Mutex

96801fb0ab05f61df158b5857cd5944d

Attributes

reg_key
96801fb0ab05f61df158b5857cd5944d
splitter
|'|'|

Targets

- Target
  
  e8fc3de9676ab8497431ef07b81b79f8.exe
- Size
  
  292KB
- MD5
  
  e8fc3de9676ab8497431ef07b81b79f8
- SHA1
  
  35dc1c30457357de4791ab34ac9a05313a883aa2
- SHA256
  
  7cd2a6e49db953a85272081f68ed2fb26dcba2e1e4e23c667834698efd837d33
- SHA512
  
  26242df26b55a62ca95e5d6cef9043ede595986fb7bf4eb0ca3b79776b3d5a3e44959d844b33f0b6dfc3374b30f3cc823fda6a45bc66b39a414a105193c23bad
- SSDEEP
  
  6144:IFmHGc98/zJ4I2K+qq74QJzAuN2WTf1Iv2N:IFmHGc98VF1q0QJz7NdOI
Score

10^/10

njrat vip@2025 defense_evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratvip@2025defense_evasionpersistenceprivilege_escalationtrojan

behavioral2

njratvip@2025defense_evasionpersistenceprivilege_escalationtrojan