njrat | 87d0845412d5ad22a56954c151f0ae21cba71d2284189fdb0d3c6cb93b6282eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gu.exe
Size

37KB
Sample

240630-rae9zasdkk
MD5

5623a039c27a4c274b375c83e42651d4
SHA1

877caa65809f345247c37d0bf64a49b1abda1e60
SHA256

87d0845412d5ad22a56954c151f0ae21cba71d2284189fdb0d3c6cb93b6282eb
SHA512

3f896c083919d310b4715d267dfccf57e10c8ba67a33f4feb1a6839cb97b922868339b9f448a5ad4360229837c030a03465337ec1aaba7d4fca64b8a31c00fd2
SSDEEP

768:/y0yQEkNVfCNWtkriwFYbMLrM+rMRa8NuOyt:hVqNWimwy4U+gRJNx

Score

10^/10

njrat gu evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

gu

C2

127.0.0.1:2323

Mutex

b7f2f50a5eff21f2499c81ed48fee825

Attributes

reg_key
b7f2f50a5eff21f2499c81ed48fee825
splitter
|'|'|

Targets

- Target
  
  gu.exe
- Size
  
  37KB
- MD5
  
  5623a039c27a4c274b375c83e42651d4
- SHA1
  
  877caa65809f345247c37d0bf64a49b1abda1e60
- SHA256
  
  87d0845412d5ad22a56954c151f0ae21cba71d2284189fdb0d3c6cb93b6282eb
- SHA512
  
  3f896c083919d310b4715d267dfccf57e10c8ba67a33f4feb1a6839cb97b922868339b9f448a5ad4360229837c030a03465337ec1aaba7d4fca64b8a31c00fd2
- SSDEEP
  
  768:/y0yQEkNVfCNWtkriwFYbMLrM+rMRa8NuOyt:hVqNWimwy4U+gRJNx
Score

10^/10

njrat gu evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratguevasionpersistenceprivilege_escalationtrojan

behavioral2

evasionpersistenceprivilege_escalation