njrat | 3c7d038904d76e14aa882dd82824c8bed89603f36d1ba8421a52a8f852c4bb6b | Triage

Sharing

General

Target

515e10e9b47bac4ec2f8150db332f25e.exe
Size

37KB
Sample

250207-phwktazpdt
MD5

515e10e9b47bac4ec2f8150db332f25e
SHA1

9ad259a0377db6830913a4fdc4cd5cd02516a18e
SHA256

3c7d038904d76e14aa882dd82824c8bed89603f36d1ba8421a52a8f852c4bb6b
SHA512

a1df033b40aba6c154f26c054d6984c6124c0c92c14364c1b5d80428a80cb98e7e9bc709e683f1945ee3262734101092bb6068222893324e24cc89d7c4d7a349
SSDEEP

384:CG+Zxj6ic7ri5Z7JAyk/Y4IvDfZeKQVxrAF+rMRTyN/0L+EcoinblneHQM3epzXQ:T+nHJ7k/Y4IDZbQfrM+rMRa8NuqLht

Score

10^/10

njrat sperma defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

SperMa

C2

nice-otherwise.gl.at.ply.gg:47140

Mutex

613d84b15b02c327602530be53275b66

Attributes

reg_key
613d84b15b02c327602530be53275b66
splitter
|'|'|

Targets

- Target
  
  515e10e9b47bac4ec2f8150db332f25e.exe
- Size
  
  37KB
- MD5
  
  515e10e9b47bac4ec2f8150db332f25e
- SHA1
  
  9ad259a0377db6830913a4fdc4cd5cd02516a18e
- SHA256
  
  3c7d038904d76e14aa882dd82824c8bed89603f36d1ba8421a52a8f852c4bb6b
- SHA512
  
  a1df033b40aba6c154f26c054d6984c6124c0c92c14364c1b5d80428a80cb98e7e9bc709e683f1945ee3262734101092bb6068222893324e24cc89d7c4d7a349
- SSDEEP
  
  384:CG+Zxj6ic7ri5Z7JAyk/Y4IvDfZeKQVxrAF+rMRTyN/0L+EcoinblneHQM3epzXQ:T+nHJ7k/Y4IDZbQfrM+rMRa8NuqLht
Score

10^/10

njrat sperma defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratspermadefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation