njrat | 6a63f64e8b12ec995174b4edf2227b277d23f03268e2577a9a265e619d57918c | Triage

Sharing

General

Target

6a63f64e8b12ec995174b4edf2227b277d23f03268e2577a9a265e619d57918cN.exe
Size

1.3MB
Sample

250207-1dq1bayngw
MD5

5ebe0d1a87ffbb0c5da46fd27afa55c0
SHA1

efb6dd7c8971200b5babfef27e9fd2694309e14b
SHA256

6a63f64e8b12ec995174b4edf2227b277d23f03268e2577a9a265e619d57918c
SHA512

4840de14c11680af2c77e35329cb4807ac55f39f2affd60f8590ee938aa8eaf5a5cc4c635fe58cbd80e3df37e1da5c6f606d4ea4f0a9fd63ef639a3e2e91fff7
SSDEEP

24576:lJQpfDVc5/wP8gvnbxPaCcCu001guRuUk7cmrojzK02+58xBRysw0i9gnK:lyDVkgvbxPkCu001gucUqcm8jm02GImt

Score

10^/10

njrat defense_evasion discovery trojan

Malware Config

Targets

- Target
  
  6a63f64e8b12ec995174b4edf2227b277d23f03268e2577a9a265e619d57918cN.exe
- Size
  
  1.3MB
- MD5
  
  5ebe0d1a87ffbb0c5da46fd27afa55c0
- SHA1
  
  efb6dd7c8971200b5babfef27e9fd2694309e14b
- SHA256
  
  6a63f64e8b12ec995174b4edf2227b277d23f03268e2577a9a265e619d57918c
- SHA512
  
  4840de14c11680af2c77e35329cb4807ac55f39f2affd60f8590ee938aa8eaf5a5cc4c635fe58cbd80e3df37e1da5c6f606d4ea4f0a9fd63ef639a3e2e91fff7
- SSDEEP
  
  24576:lJQpfDVc5/wP8gvnbxPaCcCu001guRuUk7cmrojzK02+58xBRysw0i9gnK:lyDVkgvbxPkCu001gucUqcm8jm02GImt
Score

10^/10

njrat defense_evasion discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdefense_evasiondiscoverytrojan

behavioral2

njratdefense_evasiondiscoverytrojan