njrat | e682a013cf4d9506bcd9e730ed6da21be46a117730dc88f8d96caeb48cf24e41 | Triage

Sharing

General

Target

c6011dea52991d43b750a0ad61e2d48a_JaffaCakes118
Size

23KB
Sample

240828-bksp2s1bml
MD5

c6011dea52991d43b750a0ad61e2d48a
SHA1

01895740f3ea21957eb95b83b7d0e596730260d0
SHA256

e682a013cf4d9506bcd9e730ed6da21be46a117730dc88f8d96caeb48cf24e41
SHA512

1deacd0c5e571dcadd8edb636402613c033bf1ce7f0575cac132d99d4bd4457b8eeb5e448d2b57910957a52dfd1c21d987e16168f2b71b65b178f89a244e4131
SSDEEP

384:BQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZBv2:WOaxVULRpcnuD

Score

10^/10

njrat fr3onhalab discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

FR3ONHALAB

C2

ali1235.ddns.net:5552

Mutex

40aad18385d440b1180a46336af316cb

Attributes

reg_key
40aad18385d440b1180a46336af316cb
splitter
|'|'|

Targets

- Target
  
  c6011dea52991d43b750a0ad61e2d48a_JaffaCakes118
- Size
  
  23KB
- MD5
  
  c6011dea52991d43b750a0ad61e2d48a
- SHA1
  
  01895740f3ea21957eb95b83b7d0e596730260d0
- SHA256
  
  e682a013cf4d9506bcd9e730ed6da21be46a117730dc88f8d96caeb48cf24e41
- SHA512
  
  1deacd0c5e571dcadd8edb636402613c033bf1ce7f0575cac132d99d4bd4457b8eeb5e448d2b57910957a52dfd1c21d987e16168f2b71b65b178f89a244e4131
- SSDEEP
  
  384:BQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZBv2:WOaxVULRpcnuD
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fr3onhalabnjrat

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan