njrat | ee6e418f62a96c6377811dac7533a4eb53e8045089d8adbbf578db99b870bb2a | Triage

Sharing

General

Target

e54f33c132f7623925a09f664ff50a76_JaffaCakes118
Size

70KB
Sample

240916-whltya1fpe
MD5

e54f33c132f7623925a09f664ff50a76
SHA1

d31bcb438f5ad9e21a2d73f7409b1a1c81278c60
SHA256

ee6e418f62a96c6377811dac7533a4eb53e8045089d8adbbf578db99b870bb2a
SHA512

389ab2542fc73cbe8b2d2f9f33c314f2d8c4fc435870faba67eda578d3114ee068ed4e4f9b9bfc3004f7ca4f0a9796559a45b167f2113104037bdd92c34de8ee
SSDEEP

1536:OXuvaQLKsNRLgGFMPELMp11tR+HxJLcV+6TdvmuoDyCImnxq:OXuvaQLdU2Mp11tERJLcY6pv5mnxq

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

23f0e3bce589df29a3e6f3e8879b41c1

Attributes

reg_key
23f0e3bce589df29a3e6f3e8879b41c1
splitter
|'|'|

Targets

- Target
  
  e54f33c132f7623925a09f664ff50a76_JaffaCakes118
- Size
  
  70KB
- MD5
  
  e54f33c132f7623925a09f664ff50a76
- SHA1
  
  d31bcb438f5ad9e21a2d73f7409b1a1c81278c60
- SHA256
  
  ee6e418f62a96c6377811dac7533a4eb53e8045089d8adbbf578db99b870bb2a
- SHA512
  
  389ab2542fc73cbe8b2d2f9f33c314f2d8c4fc435870faba67eda578d3114ee068ed4e4f9b9bfc3004f7ca4f0a9796559a45b167f2113104037bdd92c34de8ee
- SSDEEP
  
  1536:OXuvaQLKsNRLgGFMPELMp11tR+HxJLcV+6TdvmuoDyCImnxq:OXuvaQLdU2Mp11tERJLcY6pv5mnxq
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan