njrat | bdb96b7a1a75fa4f56d1b1f922d80f029c12df21df49cbbfd1f2a3175d604195 | Triage

Resubmissions

15-09-2024 18:44

240915-xdfb2axhlk 10

15-09-2024 18:40

240915-xbd17axgkq 10

Sharing

General

Target

Remcos Professional Cracked By Alcatraz3222 (1).zip
Size

17.3MB
Sample

240915-xbd17axgkq
MD5

ea3fd7407073aae0205a02f10c1f826f
SHA1

aeb5a674da5bbdea4e1b42470e6e059b730b88a6
SHA256

bdb96b7a1a75fa4f56d1b1f922d80f029c12df21df49cbbfd1f2a3175d604195
SHA512

bf69f80a585eed54b599cb5adf285ca0576650b275daef6e502eae2d564906950cb4a13821b67325bc1c2ba0ca6436401f562c279cc42d3590e0f8becfec028f
SSDEEP

393216:2+Y8LpIcxbEWd4rSrwcJY2sG1l/TTwizV1iBLzCoa+++OvPrTy:/yMwWqrXc+G1l7TwiRI9z8++TTy

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes

reg_key
3b570ffeeb3d34249b9a5ce0ee58a328
splitter
svchost

Targets

- Target
  
  Remcos Professional Cracked By Alcatraz3222 (1).zip
- Size
  
  17.3MB
- MD5
  
  ea3fd7407073aae0205a02f10c1f826f
- SHA1
  
  aeb5a674da5bbdea4e1b42470e6e059b730b88a6
- SHA256
  
  bdb96b7a1a75fa4f56d1b1f922d80f029c12df21df49cbbfd1f2a3175d604195
- SHA512
  
  bf69f80a585eed54b599cb5adf285ca0576650b275daef6e502eae2d564906950cb4a13821b67325bc1c2ba0ca6436401f562c279cc42d3590e0f8becfec028f
- SSDEEP
  
  393216:2+Y8LpIcxbEWd4rSrwcJY2sG1l/TTwizV1iBLzCoa+++OvPrTy:/yMwWqrXc+G1l7TwiRI9z8++TTy
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan