njrat | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c | Triage

Sharing

General

Target

cf856b0a8e9f53a5e94eb2c87865b61e_JaffaCakes118
Size

31KB
Sample

240906-pjgs2swgje
MD5

cf856b0a8e9f53a5e94eb2c87865b61e
SHA1

6278a094d00c2fc2a11d7064881789635b29fe64
SHA256

f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c
SHA512

a813a28f195ea32003a3b23289dbf6cba44d4fb9d2700415155b2f42dcb0469d5ffda85047502b465592a87d28a2b0c7fb1ee9eefd2b97e85c35325342d19aae
SSDEEP

768:fSs2ZOVvZVYzxDCPIAT+vCQEpvywHQmIDUu0ti1Hj:4+6qJQ6DQVkEj

Score

10^/10

njrat mybot discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

hjcnbr12.ddns.net:9897

Mutex

12ebff1e35adfb27442078d4ffad286a

Attributes

reg_key
12ebff1e35adfb27442078d4ffad286a
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  cf856b0a8e9f53a5e94eb2c87865b61e_JaffaCakes118
- Size
  
  31KB
- MD5
  
  cf856b0a8e9f53a5e94eb2c87865b61e
- SHA1
  
  6278a094d00c2fc2a11d7064881789635b29fe64
- SHA256
  
  f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c
- SHA512
  
  a813a28f195ea32003a3b23289dbf6cba44d4fb9d2700415155b2f42dcb0469d5ffda85047502b465592a87d28a2b0c7fb1ee9eefd2b97e85c35325342d19aae
- SSDEEP
  
  768:fSs2ZOVvZVYzxDCPIAT+vCQEpvywHQmIDUu0ti1Hj:4+6qJQ6DQVkEj
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan