njrat | 91586085339b9ec8765067eaccec4c94b8753a04c8dc00cd446909ac5c944838 | Triage

Sharing

General

Target

0400b010d3a4e948bd4199f828831010N
Size

345KB
Sample

240908-nx9kjsthnl
MD5

0400b010d3a4e948bd4199f828831010
SHA1

e718e3f6991de3a6f0981cac55a9b4171322714c
SHA256

91586085339b9ec8765067eaccec4c94b8753a04c8dc00cd446909ac5c944838
SHA512

8c98bdbf68d1fd2d9810d6ba3e4139f5f729d05ef0c2d4c9cf1a2e11f97a6621a1d8eedb39bcbf385ffb79b595e5ca6b166b3d38ff9802c8048181631ccd1569
SSDEEP

3072:qqQ2P1iVBqRbspn4sl9HIxCLaVmFlYbuBUXWNgmTQ9CrsZeLr+1onaRs50ClDaRw:g2PQVBqRbsf4REM9UY1bO96jMQ

Score

10^/10

njrat clien discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

clien

C2

hakim32.ddns.net:2000

147.185.221.18:61276

Mutex

f7e6d24b4a113d9753558dfbb032c2ac

Attributes

reg_key
f7e6d24b4a113d9753558dfbb032c2ac
splitter
|'|'|

Targets

- Target
  
  0400b010d3a4e948bd4199f828831010N
- Size
  
  345KB
- MD5
  
  0400b010d3a4e948bd4199f828831010
- SHA1
  
  e718e3f6991de3a6f0981cac55a9b4171322714c
- SHA256
  
  91586085339b9ec8765067eaccec4c94b8753a04c8dc00cd446909ac5c944838
- SHA512
  
  8c98bdbf68d1fd2d9810d6ba3e4139f5f729d05ef0c2d4c9cf1a2e11f97a6621a1d8eedb39bcbf385ffb79b595e5ca6b166b3d38ff9802c8048181631ccd1569
- SSDEEP
  
  3072:qqQ2P1iVBqRbspn4sl9HIxCLaVmFlYbuBUXWNgmTQ9CrsZeLr+1onaRs50ClDaRw:g2PQVBqRbsf4REM9UY1bO96jMQ
Score

10^/10

njrat clien discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratcliendiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratcliendiscoveryevasionpersistenceprivilege_escalationtrojan