njrat | ce2ab23a027755be79f00183835b8f709f2be1cfbd25013dfe6467eb89c13df3 | Triage

Sharing

General

Target

Explower.exe
Size

93KB
Sample

240917-k79fravfkf
MD5

ba5e37504c00524408acfb6ccb306276
SHA1

dd5ea510df34f3ef5ca7cd022e69556b3517fbe1
SHA256

ce2ab23a027755be79f00183835b8f709f2be1cfbd25013dfe6467eb89c13df3
SHA512

1097a402f5b4db2e9a3496eff74773413a73c7474e105ab5ce59a23feafaf388431366def5fe90eb04e7587a9f0cae4a5d83c0bd59f1c64447b8e476c8af82dc
SSDEEP

768:3Y37MMLUiu5LVMZASgeArRKm6t0XJmYm6naeG+KXxrjEtCdnl2pi1Rz4Rk3JsGdG:5MLputRe2Rx6k9ab9jEwzGi1dD5DygS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

release-oakland.gl.at.ply.gg:45463

Mutex

0164d5d5cbab440fb768d095d7f279d3

Attributes

reg_key
0164d5d5cbab440fb768d095d7f279d3
splitter
|'|'|

Targets

- Target
  
  Explower.exe
- Size
  
  93KB
- MD5
  
  ba5e37504c00524408acfb6ccb306276
- SHA1
  
  dd5ea510df34f3ef5ca7cd022e69556b3517fbe1
- SHA256
  
  ce2ab23a027755be79f00183835b8f709f2be1cfbd25013dfe6467eb89c13df3
- SHA512
  
  1097a402f5b4db2e9a3496eff74773413a73c7474e105ab5ce59a23feafaf388431366def5fe90eb04e7587a9f0cae4a5d83c0bd59f1c64447b8e476c8af82dc
- SSDEEP
  
  768:3Y37MMLUiu5LVMZASgeArRKm6t0XJmYm6naeG+KXxrjEtCdnl2pi1Rz4Rk3JsGdG:5MLputRe2Rx6k9ab9jEwzGi1dD5DygS
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral3

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral4

discoveryevasionpersistenceprivilege_escalation

behavioral5

discoveryevasionpersistenceprivilege_escalation