njrat | a4b72bc722028cec151ea4989fc19607f6b78d7dba90ce89b23355cffab6a101 | Triage

Sharing

General

Target

e5b6bbe7a93000a56482481f79c430a5_JaffaCakes118
Size

102KB
Sample

240916-2t7hnstgng
MD5

e5b6bbe7a93000a56482481f79c430a5
SHA1

2df0950882a98d436539e391c0bd6dfd1880de11
SHA256

a4b72bc722028cec151ea4989fc19607f6b78d7dba90ce89b23355cffab6a101
SHA512

62072a704f5909daf5c2479add3bfb5b7529f6f3d873330e15f9eff76e27fee964df74b60212e8979508be452bad3292770a123759ce6fbfc361eb254ec6bc41
SSDEEP

3072:VERGalxEdeL50aYc/kuRyl2HmzVmlKV+elaJY/:VyxetyRylqaV6eMO/

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

m100.no-ip.info:7777

Mutex

152db0c690a8f99c617fcaae2b84e3d0

Attributes

reg_key
152db0c690a8f99c617fcaae2b84e3d0
splitter
|'|'|

Targets

- Target
  
  report.exe
- Size
  
  171KB
- MD5
  
  0490e4682182beb78dbd1d38a0c06710
- SHA1
  
  21630d537409fc3543096ce2fbbff703a249cdf8
- SHA256
  
  b47ffaafc061171b1e974de37aa21fdc15fa27a70641e03b1c103cad70feb445
- SHA512
  
  9efc319632c067402e264b25157100082c6b7b10fe69447e081a174a2a4ec5b6cc7a5b8e487e83ff80d5e0c6760edea5dfdd197532cb7b65631ab6c67c4fffc6
- SSDEEP
  
  3072:EGq0qx4vehcVKrlgYTep7TReAQYgRU1f8Ev0VevFpP3Bm51bGAQJKuQ3:fq0qxvlyh7g/YgR4fJFpP3Bm51Ta
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan