njrat | 9d819d361dde7d350a39060625fe9eaaefc6ed1613bf3ee3686bf56ed3a19103 | Triage

Sharing

General

Target

ca2a5c2d18b75e54903592145d1b7714_JaffaCakes118
Size

22KB
Sample

240830-egdy9sxajq
MD5

ca2a5c2d18b75e54903592145d1b7714
SHA1

8cafe9a94498027b30e3cb8b1008e4e76b40695f
SHA256

9d819d361dde7d350a39060625fe9eaaefc6ed1613bf3ee3686bf56ed3a19103
SHA512

684c773a2e3067426de0028fa66732a6de014bad0efc0a35dc6e63c97f83b36bf9c328e2227113ef9719fb4dc61001e46f171dbf048b4e1c66d4d715082b2b4a
SSDEEP

384:9QeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZY3:y5yBVd7Rpcnux

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

moviesnews.hopto.org:5552

Mutex

a8a3ea014ed40a095f0acd5924e472f1

Attributes

reg_key
a8a3ea014ed40a095f0acd5924e472f1
splitter
|'|'|

Targets

- Target
  
  ca2a5c2d18b75e54903592145d1b7714_JaffaCakes118
- Size
  
  22KB
- MD5
  
  ca2a5c2d18b75e54903592145d1b7714
- SHA1
  
  8cafe9a94498027b30e3cb8b1008e4e76b40695f
- SHA256
  
  9d819d361dde7d350a39060625fe9eaaefc6ed1613bf3ee3686bf56ed3a19103
- SHA512
  
  684c773a2e3067426de0028fa66732a6de014bad0efc0a35dc6e63c97f83b36bf9c328e2227113ef9719fb4dc61001e46f171dbf048b4e1c66d4d715082b2b4a
- SSDEEP
  
  384:9QeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZY3:y5yBVd7Rpcnux
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan