njrat | 4787a6cf8b454c42a8c6f411642c50c305aaf66d7e46b32848ae0e505d38110a | Triage

Sharing

General

Target

d9f9884991b914591754c2bf6abfb6ff_JaffaCakes118
Size

924KB
Sample

240911-kj7l9a1emj
MD5

d9f9884991b914591754c2bf6abfb6ff
SHA1

2b93e4845ab56c308350c70daeef8e33b88fcfbe
SHA256

4787a6cf8b454c42a8c6f411642c50c305aaf66d7e46b32848ae0e505d38110a
SHA512

fe1f55b151399ae3ced8e5bf2f76e52ca4828ae93354218818d26c8aaee3ddb37319b75252996643d040bc0ed4f9fcbe630b7dba396ebfa9f115c560004079a2
SSDEEP

24576:3i2bV5YgbgASR/Fu76l0kKJ8VvbBNdCPBLswPgP:SQ5YgbgASRYul0kK6VvdNdCJIwP

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  d9f9884991b914591754c2bf6abfb6ff_JaffaCakes118
- Size
  
  924KB
- MD5
  
  d9f9884991b914591754c2bf6abfb6ff
- SHA1
  
  2b93e4845ab56c308350c70daeef8e33b88fcfbe
- SHA256
  
  4787a6cf8b454c42a8c6f411642c50c305aaf66d7e46b32848ae0e505d38110a
- SHA512
  
  fe1f55b151399ae3ced8e5bf2f76e52ca4828ae93354218818d26c8aaee3ddb37319b75252996643d040bc0ed4f9fcbe630b7dba396ebfa9f115c560004079a2
- SSDEEP
  
  24576:3i2bV5YgbgASR/Fu76l0kKJ8VvbBNdCPBLswPgP:SQ5YgbgASRYul0kK6VvdNdCJIwP
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan