njrat | df90ae97f50e8ad1bedc8b533026c4708561a2ea1a025008c28584b32a7ba3ca | Triage

Sharing

General

Target

d606478b39abb92571298cb94cfc4443_JaffaCakes118
Size

242KB
Sample

240909-k9thba1clm
MD5

d606478b39abb92571298cb94cfc4443
SHA1

4115e36c0e742454ac4042d97cc117e575a6410b
SHA256

df90ae97f50e8ad1bedc8b533026c4708561a2ea1a025008c28584b32a7ba3ca
SHA512

2579094c2835f98bfba058780fa5afd3f1219f0f752b007c28b187c11bd450c6bf8c9de1f623ada4acab1b5531b79ef139e6e51f23adc7991ffcbb558d1d0484
SSDEEP

384:/KVQZIj66moj854oQ9NlJSRJY/LaNaIhlaKwco+iLw4wvagZCk6evnWAxWAxbvfK:5BNwBWBvWBvUjeXMEMELfNw4r

Score

10^/10

njrat zerooo discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

zerooo

C2

abssa2016.ddns.net:1177

Mutex

5b2d8a2a5ef35052f655e43339797018

Attributes

reg_key
5b2d8a2a5ef35052f655e43339797018
splitter
|'|'|

Targets

- Target
  
  d606478b39abb92571298cb94cfc4443_JaffaCakes118
- Size
  
  242KB
- MD5
  
  d606478b39abb92571298cb94cfc4443
- SHA1
  
  4115e36c0e742454ac4042d97cc117e575a6410b
- SHA256
  
  df90ae97f50e8ad1bedc8b533026c4708561a2ea1a025008c28584b32a7ba3ca
- SHA512
  
  2579094c2835f98bfba058780fa5afd3f1219f0f752b007c28b187c11bd450c6bf8c9de1f623ada4acab1b5531b79ef139e6e51f23adc7991ffcbb558d1d0484
- SSDEEP
  
  384:/KVQZIj66moj854oQ9NlJSRJY/LaNaIhlaKwco+iLw4wvagZCk6evnWAxWAxbvfK:5BNwBWBvWBvUjeXMEMELfNw4r
Score

10^/10

njrat zerooo discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratzerooodiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratzerooodiscoveryevasionpersistenceprivilege_escalationtrojan