njrat | 11a67a4a5933c4a9ada4481541c48bb6d209f4a717a3585d6dfca539473e9cd9 | Triage

Sharing

General

Target

d60597ac83665d38ff02101b76c11624_JaffaCakes118
Size

216KB
Sample

240909-k8wahs1bqr
MD5

d60597ac83665d38ff02101b76c11624
SHA1

dff92f02ab5bfd33b28132dcbb175d66996a8853
SHA256

11a67a4a5933c4a9ada4481541c48bb6d209f4a717a3585d6dfca539473e9cd9
SHA512

f780af658f63d1a9dc640afa1ac19aaca38c107f54beaabc91834db99d2e2cecbfb04f7d17dda85c5cbb85b36dda7638777f6fca50a7021a6dc9ba92b04211fa
SSDEEP

3072:PduRDpRJcoOWW/8D1lNgg21Vv2xN+g21c3Mjq9S:9i/Ngg215+N+g21xOS

Score

10^/10

njrat samer evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Samer

C2

31.9.48.183:5552

Mutex

c53540ff66b09720dee7c75eaabd8f52

Attributes

reg_key
c53540ff66b09720dee7c75eaabd8f52
splitter
|'|'|

Targets

- Target
  
  d60597ac83665d38ff02101b76c11624_JaffaCakes118
- Size
  
  216KB
- MD5
  
  d60597ac83665d38ff02101b76c11624
- SHA1
  
  dff92f02ab5bfd33b28132dcbb175d66996a8853
- SHA256
  
  11a67a4a5933c4a9ada4481541c48bb6d209f4a717a3585d6dfca539473e9cd9
- SHA512
  
  f780af658f63d1a9dc640afa1ac19aaca38c107f54beaabc91834db99d2e2cecbfb04f7d17dda85c5cbb85b36dda7638777f6fca50a7021a6dc9ba92b04211fa
- SSDEEP
  
  3072:PduRDpRJcoOWW/8D1lNgg21Vv2xN+g21c3Mjq9S:9i/Ngg215+N+g21xOS
Score

10^/10

njrat samer evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratsamerevasionpersistenceprivilege_escalationtrojan

behavioral2

njratsamerevasionpersistenceprivilege_escalationtrojan