njrat | c3eecda765f66631358e23cbb02741b4e2fb2e56c76520d5a83b249ee8f929d8 | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

250322-z2q5jsvjw7
MD5

2fb0487c62fddc8148bb9c1e7a61ff0b
SHA1

166f462038f8db0cc6462c8f6de5f3098968b7da
SHA256

c3eecda765f66631358e23cbb02741b4e2fb2e56c76520d5a83b249ee8f929d8
SHA512

0fb567a204b6ed8c0104ac893168800fd4f40c3c6bebba1d446c53f5107a6b6bfea5d1d47c77f32efae765c675c976dbd64f541c671f7348100efc4659f42cc9
SSDEEP

1536:kdmIDn/NOryWhI0DGwsNMDmXExI3pmSm:BIDnE+v0DGwsNMDmXExI3pm

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

anyone-center.gl.at.ply.gg:7940

Mutex

27421004d62e68560786f4e6e6db51e2

Attributes

reg_key
27421004d62e68560786f4e6e6db51e2
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  2fb0487c62fddc8148bb9c1e7a61ff0b
- SHA1
  
  166f462038f8db0cc6462c8f6de5f3098968b7da
- SHA256
  
  c3eecda765f66631358e23cbb02741b4e2fb2e56c76520d5a83b249ee8f929d8
- SHA512
  
  0fb567a204b6ed8c0104ac893168800fd4f40c3c6bebba1d446c53f5107a6b6bfea5d1d47c77f32efae765c675c976dbd64f541c671f7348100efc4659f42cc9
- SSDEEP
  
  1536:kdmIDn/NOryWhI0DGwsNMDmXExI3pmSm:BIDnE+v0DGwsNMDmXExI3pm
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan

behavioral3

njratdiscoverytrojan