njrat | 0f56dd6723c702c6608637f909ddb5a981eb08faae93d43699ad087736f46d3e | Triage

Sharing

General

Target

de9fd6894d1d96af8b009e11179d53d4_JaffaCakes118
Size

32KB
Sample

240913-wm7xzazgjr
MD5

de9fd6894d1d96af8b009e11179d53d4
SHA1

1206e78b3d06fbaa00c631cbcd6ad865d188bc0b
SHA256

0f56dd6723c702c6608637f909ddb5a981eb08faae93d43699ad087736f46d3e
SHA512

ea95fe84f721ceaf5a4b5b560478a70a59eb7b3bc2c95f442be6ae6ec0acbecaadf83ba9e34d4a338cc3307f9e6f01a1aa52a5cbbba50ebcff6b90c067ea97a6
SSDEEP

768:Cl969x3z9WRZR5RJ6V7aSx8f1TXEIb3refnIYVXkel1U:b6RxmaSoAIbbegYOE1U

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  steamv3.exe
- Size
  
  52KB
- MD5
  
  b4dce445b80c8c57e6785158e81d5154
- SHA1
  
  24deb57b4ee19d8462b1c378691399525d104538
- SHA256
  
  c9d54e7aa6d4ffd9667da4fa71b1f95cd1307244a17d1e0603251d7ffcccb604
- SHA512
  
  051cb6317f13b4192e17baf7cb36036166339265e71583979e31321da453e76feb99157e6876b015066e354fe83fdf40317381a5660f650d0e1e457075b77c4c
- SSDEEP
  
  768:vwOCLtZEmVRJ6V7aSx8f1T20PGFpNTeu/vvkc:oOSpVmaSoy0P8ckvcc
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan