njrat | 416b71ffdd41d451196ca412f9a4ed6baa04ce9d67b74716ddefdb8eae925869 | Triage

Sharing

General

Target

d92cc798ff7b6c0201f611eb2fc6cfe5_JaffaCakes118
Size

23KB
Sample

240910-23frba1cph
MD5

d92cc798ff7b6c0201f611eb2fc6cfe5
SHA1

32fc41ab3fb458d28c9f45271d7e671db763b8b5
SHA256

416b71ffdd41d451196ca412f9a4ed6baa04ce9d67b74716ddefdb8eae925869
SHA512

453b947d6c9c502983cb777e0fd4e07f85d3a37c3d02a939479e71903444c1a3f0f34b97be93fa82dc0aa444e1e9e94c43901e0ee1d02b5c41f9accc3931c00c
SSDEEP

384:hwz6+T4IjWZFNwXU0eiNUBdvt6lgT+lLOhXxQmRvR6JZlbw8hqIusZzZQAE:yTbC81NgRpcnu1

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

dikodiko.ddns.net:7000

Mutex

11b9b072bf286247208a802c3eb234a6

Attributes

reg_key
11b9b072bf286247208a802c3eb234a6
splitter
|'|'|

Targets

- Target
  
  d92cc798ff7b6c0201f611eb2fc6cfe5_JaffaCakes118
- Size
  
  23KB
- MD5
  
  d92cc798ff7b6c0201f611eb2fc6cfe5
- SHA1
  
  32fc41ab3fb458d28c9f45271d7e671db763b8b5
- SHA256
  
  416b71ffdd41d451196ca412f9a4ed6baa04ce9d67b74716ddefdb8eae925869
- SHA512
  
  453b947d6c9c502983cb777e0fd4e07f85d3a37c3d02a939479e71903444c1a3f0f34b97be93fa82dc0aa444e1e9e94c43901e0ee1d02b5c41f9accc3931c00c
- SSDEEP
  
  384:hwz6+T4IjWZFNwXU0eiNUBdvt6lgT+lLOhXxQmRvR6JZlbw8hqIusZzZQAE:yTbC81NgRpcnu1
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan