njrat | 077f299febcdceb59cc40e872cca52c79c2c9e9962ea9c760b541e579db49ed0 | Triage

Sharing

General

Target

NewClient1.exe
Size

164KB
Sample

250130-17ppcawnfj
MD5

c35a62e727785605e6e17f2e95774d45
SHA1

a81c7497e8bdfa19ce18ecdb5c4f95cc9ce67ef4
SHA256

077f299febcdceb59cc40e872cca52c79c2c9e9962ea9c760b541e579db49ed0
SHA512

93dc708ecf75cba64fef9ca27b18b7003d657981b214a00117bd9deabdb45e4b22a1a4bd5cf410437f48de708111cb73133096f48292920d0f506c754a82e871
SSDEEP

3072:o60T/hFv6UT6Rvf8yJTNT+CJMwErsdYY3ANbxiEMGnFCS:o61Bf7TOgd8btncS

Score

10^/10

njrat discovery trojan

Malware Config

Targets

- Target
  
  NewClient1.exe
- Size
  
  164KB
- MD5
  
  c35a62e727785605e6e17f2e95774d45
- SHA1
  
  a81c7497e8bdfa19ce18ecdb5c4f95cc9ce67ef4
- SHA256
  
  077f299febcdceb59cc40e872cca52c79c2c9e9962ea9c760b541e579db49ed0
- SHA512
  
  93dc708ecf75cba64fef9ca27b18b7003d657981b214a00117bd9deabdb45e4b22a1a4bd5cf410437f48de708111cb73133096f48292920d0f506c754a82e871
- SSDEEP
  
  3072:o60T/hFv6UT6Rvf8yJTNT+CJMwErsdYY3ANbxiEMGnFCS:o61Bf7TOgd8btncS
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2