njrat | 1f62a6987968cb02df6ccdd8fbec5f3d22d66866fc6de497a7c5ea5cec991e13 | Triage

Sharing

General

Target

c19c43675c09a07c0de2b0bf81e6e8e0N
Size

89KB
Sample

240913-c5vwkszfpc
MD5

c19c43675c09a07c0de2b0bf81e6e8e0
SHA1

5be5b99c235bfea65350404b71078b197d39380e
SHA256

1f62a6987968cb02df6ccdd8fbec5f3d22d66866fc6de497a7c5ea5cec991e13
SHA512

0c50c30fa7ca5cbd4782b704f8d790a6c951285e7b67422439b228b319f7fef8c7cf46c421dd288bffde3f2b173450965c6c19c91f7572380242a10937c8c58d
SSDEEP

384:A1YmCsw/yJrQ7tRGSQCY1r46AgfCcBjdhmRvR6JZlbw8hqIusZzZpHUWQhYgjF:Aq7GktQmRpcnuk0BCaF

Score

10^/10

njrat hacked by sniper discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed By sniper

C2

sniperexe.ddns.net:5552

Mutex

8b99b6f984f1c566e57684117b85eb25

Attributes

reg_key
8b99b6f984f1c566e57684117b85eb25
splitter
|'|'|

Targets

- Target
  
  c19c43675c09a07c0de2b0bf81e6e8e0N
- Size
  
  89KB
- MD5
  
  c19c43675c09a07c0de2b0bf81e6e8e0
- SHA1
  
  5be5b99c235bfea65350404b71078b197d39380e
- SHA256
  
  1f62a6987968cb02df6ccdd8fbec5f3d22d66866fc6de497a7c5ea5cec991e13
- SHA512
  
  0c50c30fa7ca5cbd4782b704f8d790a6c951285e7b67422439b228b319f7fef8c7cf46c421dd288bffde3f2b173450965c6c19c91f7572380242a10937c8c58d
- SSDEEP
  
  384:A1YmCsw/yJrQ7tRGSQCY1r46AgfCcBjdhmRvR6JZlbw8hqIusZzZpHUWQhYgjF:Aq7GktQmRpcnuk0BCaF
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hacked by snipernjrat

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan