njrat | abc444525d3ca6b1679ea160738b663052cb64fb4bdd0fb1903bac23d3eae919 | Triage

Sharing

General

Target

d7041ca0e3829f211b2bd1698c98aeb6_JaffaCakes118
Size

557KB
Sample

240909-ywtg2szbph
MD5

d7041ca0e3829f211b2bd1698c98aeb6
SHA1

50d14c9dcc8d883abf40155414bf09c98a2ae5c5
SHA256

abc444525d3ca6b1679ea160738b663052cb64fb4bdd0fb1903bac23d3eae919
SHA512

363d060d3547fa465f961928a2314495593560b6ace3741f151156bf5fa172c4d6001223576b52eecc3801ae1a3bcb49a2d2c3f4cd1799d406896ab57ec2fedf
SSDEEP

6144:jh3bZqgIYTbsFsUI1cnLOftd+PmhK2F0h3lr6VIyb39:jtZqgIYLUI1mktd+PgK3lr4I43

Score

10^/10

njrat hacked defense_evasion discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

comettest.ddns.net:1337

Mutex

001235189d37eb700b8caeaaee506d6a

Attributes

reg_key
001235189d37eb700b8caeaaee506d6a
splitter
|'|'|

Targets

- Target
  
  d7041ca0e3829f211b2bd1698c98aeb6_JaffaCakes118
- Size
  
  557KB
- MD5
  
  d7041ca0e3829f211b2bd1698c98aeb6
- SHA1
  
  50d14c9dcc8d883abf40155414bf09c98a2ae5c5
- SHA256
  
  abc444525d3ca6b1679ea160738b663052cb64fb4bdd0fb1903bac23d3eae919
- SHA512
  
  363d060d3547fa465f961928a2314495593560b6ace3741f151156bf5fa172c4d6001223576b52eecc3801ae1a3bcb49a2d2c3f4cd1799d406896ab57ec2fedf
- SSDEEP
  
  6144:jh3bZqgIYTbsFsUI1cnLOftd+PmhK2F0h3lr6VIyb39:jtZqgIYLUI1mktd+PgK3lr4I43
Score

10^/10

njrat hacked defense_evasion discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddefense_evasiondiscoveryevasionpersistenceprivilege_escalationtrojan