njrat | fa8f38553b72c6a4d8915c9445498666d901181c435bafb2e0b3fb110fb791cc | Triage

Sharing

General

Target

e94448bcbf82be1e92fdf6a136913720N
Size

91KB
Sample

240912-e8wcma1gnh
MD5

e94448bcbf82be1e92fdf6a136913720
SHA1

50a25b28a6c1c55e207626f62c0853d97cde7a2e
SHA256

fa8f38553b72c6a4d8915c9445498666d901181c435bafb2e0b3fb110fb791cc
SHA512

407545317017560eda987a147eacb36bac60d1000325aac014391d97dc914e0c2eacd7ecc7cb2f8e941d96b0c7da155a249b6ddfff4791a7a65849ff967802c5
SSDEEP

1536:HXnDxM2ZoXADZ9a458XeUlfkivVR1Ypnv:3nrwADZ9ajv5vVRCn

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Targets

- Target
  
  e94448bcbf82be1e92fdf6a136913720N
- Size
  
  91KB
- MD5
  
  e94448bcbf82be1e92fdf6a136913720
- SHA1
  
  50a25b28a6c1c55e207626f62c0853d97cde7a2e
- SHA256
  
  fa8f38553b72c6a4d8915c9445498666d901181c435bafb2e0b3fb110fb791cc
- SHA512
  
  407545317017560eda987a147eacb36bac60d1000325aac014391d97dc914e0c2eacd7ecc7cb2f8e941d96b0c7da155a249b6ddfff4791a7a65849ff967802c5
- SSDEEP
  
  1536:HXnDxM2ZoXADZ9a458XeUlfkivVR1Ypnv:3nrwADZ9ajv5vVRCn
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation