njrat | 3318d2024f5863942ba46235834bea85161a90219dbcb09bfadaf14f4811476f | Triage

Sharing

General

Target

3318d2024f5863942ba46235834bea85161a90219dbcb09bfadaf14f4811476f.exe
Size

8.8MB
Sample

240917-bg49nsyflq
MD5

24aaa69f6e96ea14e0602d49d5c58a83
SHA1

d50b28c15f5a93a9e4679d3c43d88a17e7350f40
SHA256

3318d2024f5863942ba46235834bea85161a90219dbcb09bfadaf14f4811476f
SHA512

35f59bbd359371c9a584556899fa3990b2954a532b8d73e9b65282301b25bb3f32a218fcd19eba0aa473e5ab4cae21bba5f20584218f3800cc566534e007978c
SSDEEP

196608:eYzQO9kPmWdJGlvIGEBhQ7BP5TmoaiZMSW0G6JmJfLknzB:5zQ8kP9dgwXK7Lmo7ul8cTaB

Score

10^/10

njrat clien discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

clien

C2

hakim32.ddns.net:2000

147.185.221.18:61276

Mutex

f7e6d24b4a113d9753558dfbb032c2ac

Attributes

reg_key
f7e6d24b4a113d9753558dfbb032c2ac
splitter
|'|'|

Targets

- Target
  
  3318d2024f5863942ba46235834bea85161a90219dbcb09bfadaf14f4811476f.exe
- Size
  
  8.8MB
- MD5
  
  24aaa69f6e96ea14e0602d49d5c58a83
- SHA1
  
  d50b28c15f5a93a9e4679d3c43d88a17e7350f40
- SHA256
  
  3318d2024f5863942ba46235834bea85161a90219dbcb09bfadaf14f4811476f
- SHA512
  
  35f59bbd359371c9a584556899fa3990b2954a532b8d73e9b65282301b25bb3f32a218fcd19eba0aa473e5ab4cae21bba5f20584218f3800cc566534e007978c
- SSDEEP
  
  196608:eYzQO9kPmWdJGlvIGEBhQ7BP5TmoaiZMSW0G6JmJfLknzB:5zQ8kP9dgwXK7Lmo7ul8cTaB
Score

10^/10

njrat clien discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratcliendiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratcliendiscoveryevasionpersistenceprivilege_escalationtrojan