njrat | 4e85d6c7dbfed9fd6d39cc7462dc44742248835665e505e498566716d8f8c22a | Triage

Sharing

General

Target

e7d8c9ef8a9dd2c80574799ce1b81697.zip
Size

172KB
Sample

240831-jab9basbqr
MD5

92a023eb22eabef8977b1a4a43773861
SHA1

c8a2ff3f0b6142cbcd236fc79c19a40ae0b296aa
SHA256

4e85d6c7dbfed9fd6d39cc7462dc44742248835665e505e498566716d8f8c22a
SHA512

ad0d4ad1787ec4ec0e8c6b64fcb74a7c519f2cf85393fbc2bb91747432670912e15910b41eb96bb9cc0c8e50532c2877952f202734bf176d90e3043a5c0d72cb
SSDEEP

3072:LcuDWasYZWsetRkqD6TdMkcASgdjyfVUkB8egqyOGz8Ni2cOjTPdxo25z/PXwxJ:LLWalZWsMqcFgyVx9K4NbcI704zwn

Score

10^/10

njrat evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  09363e0efdea54c1c8878f0a7d1c5ef696309328ff9da8223abdaa81c20a887e
- Size
  
  277KB
- MD5
  
  e7d8c9ef8a9dd2c80574799ce1b81697
- SHA1
  
  3778aab8af400bd5d390d3a5e1190b085b280379
- SHA256
  
  09363e0efdea54c1c8878f0a7d1c5ef696309328ff9da8223abdaa81c20a887e
- SHA512
  
  c00c7e97f1117cacf2d749981789d5d9380991e16e397ff47a4f9df917c5f9243e3ef4cb4f7f2cf50839a9f3390d24055c285f41d3fe5533d6297d6e1dbbfd5e
- SSDEEP
  
  3072:lrWg6DgCHlG0ufU48aRi0Wn+WOfrQiG6igDyHcGje81j5wfEKw5Aak4GTiFrhE:plcvF4fU486isWh+VnGa81jGf8Pl
Score

10^/10

njrat evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistenceprivilege_escalationtrojan

behavioral2

njratevasionpersistenceprivilege_escalationtrojan