njrat | 6a5fa2a0d30e512ed9f64e432d8be5c703b607d4d3414d1583ec2bc6d7c24a8c | Triage

Sharing

General

Target

ce7c682b41dc24a7aee277ef486db55d_JaffaCakes118
Size

23KB
Sample

240906-de9gqasdmn
MD5

ce7c682b41dc24a7aee277ef486db55d
SHA1

76a4a36a116b3f440a3a4b75ddc269e120d0862b
SHA256

6a5fa2a0d30e512ed9f64e432d8be5c703b607d4d3414d1583ec2bc6d7c24a8c
SHA512

f68e2420159e24b3038334b62bb30ff5db689be9ca67f89685febba85c4ad40ab1a0aefdbfaf57151a49cffccd572b298cb88d2538036f234da5cc64efab6129
SSDEEP

384:WQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZhD:B5yBVd7RpcnuO

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

fetrigultu.zapto.org:5252

Mutex

cfd91aab224afdb4fadd3519f5ec56eb

Attributes

reg_key
cfd91aab224afdb4fadd3519f5ec56eb
splitter
|'|'|

Targets

- Target
  
  ce7c682b41dc24a7aee277ef486db55d_JaffaCakes118
- Size
  
  23KB
- MD5
  
  ce7c682b41dc24a7aee277ef486db55d
- SHA1
  
  76a4a36a116b3f440a3a4b75ddc269e120d0862b
- SHA256
  
  6a5fa2a0d30e512ed9f64e432d8be5c703b607d4d3414d1583ec2bc6d7c24a8c
- SHA512
  
  f68e2420159e24b3038334b62bb30ff5db689be9ca67f89685febba85c4ad40ab1a0aefdbfaf57151a49cffccd572b298cb88d2538036f234da5cc64efab6129
- SSDEEP
  
  384:WQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZhD:B5yBVd7RpcnuO
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan