njrat | 0f12216d0def2118b865bebe97ffb778a0cdfa7a471e568f6cfa6014dfeac08b | Triage

Sharing

General

Target

2d1415dd38daeb474fb6c241dcb7b936.zip
Size

29KB
Sample

240831-k9jccawfnf
MD5

5d9a31fa733f0d1523d27fed6ab839cd
SHA1

803af8a077f5659eac889fb839af582917e535cc
SHA256

0f12216d0def2118b865bebe97ffb778a0cdfa7a471e568f6cfa6014dfeac08b
SHA512

244bbf3d6c8283c203680fc738406e67f36917797bc5b1e4367c10d0d6de4a983446b1e8b0cd79d88f09812f997121418dfd70ab9a831e0944b93201c1752cd2
SSDEEP

384:7L0vkJJZI2ijIasfF22pbD6rZgOr7V8VPhLoohHsHPh3uth6KFjdrl12rdekmSMN:/0sZ4wjN6FBr+xa8HsHP+rjdrl1udny

Score

10^/10

njrat ترومان و جلوبال و اوبتيكوم discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ترومان و جلوبال و اوبتيكوم

C2

naruto2018.myq-see.com:1001

Mutex

bbc0ca026006169180c4b62d667de837

Attributes

reg_key
bbc0ca026006169180c4b62d667de837
splitter
|'|'|

Targets

- Target
  
  69cd57994729a44cf6f5511078b3e284a77974ef0f14a423b746dab45310b175
- Size
  
  36KB
- MD5
  
  2d1415dd38daeb474fb6c241dcb7b936
- SHA1
  
  59571ede7daf6b3688cc975b2147ec931ca9b757
- SHA256
  
  69cd57994729a44cf6f5511078b3e284a77974ef0f14a423b746dab45310b175
- SHA512
  
  ed0b151fee5e70ee02105cbabf19051d8b0139342e792ec5d365469fff9583792fabca343149850298b29b8708483f84cb18db44d4acc451bd2d15aa946dc210
- SSDEEP
  
  768:YCxBIV3JofEVAhoxuUZ1rJ7Vr+D4imK4uEUiuOw:YCstyMTuUZ1ZUkBK4w
Score

10^/10

njrat ترومان و جلوبال و اوبتيكوم discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat ترومان و جلوبال و اوبتيكومdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrat ترومان و جلوبال و اوبتيكومdiscoveryevasionpersistenceprivilege_escalationtrojan