njrat | 24d7b631e5ecb23fb41edca7d5943f53abe6f351fe88322389bd5862841e13a1 | Triage

Sharing

General

Target

24d7b631e5ecb23fb41edca7d5943f53abe6f351fe88322389bd5862841e13a1N
Size

23KB
Sample

240917-zcklgatejk
MD5

f7a4e0f424339e7ee79ff786e32bf9c0
SHA1

ed3ca15f61691be0edcbf7fa5307a0924c39effd
SHA256

24d7b631e5ecb23fb41edca7d5943f53abe6f351fe88322389bd5862841e13a1
SHA512

b8ed8389d7a5eb1d9d505ba6619a5ddb5e2857263565157f5a9c0b89954eb6e9326637fa02e7fbc8c3b256494f656af00c08b3bff98aa912f9865ecd8b9a6348
SSDEEP

384:JoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZIQR:e7O89p2rRpcnu8

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

10.10.1.11:5552

Mutex

7657c14284185fbd3fb108b43c7467ba

Attributes

reg_key
7657c14284185fbd3fb108b43c7467ba
splitter
|'|'|

Targets

- Target
  
  24d7b631e5ecb23fb41edca7d5943f53abe6f351fe88322389bd5862841e13a1N
- Size
  
  23KB
- MD5
  
  f7a4e0f424339e7ee79ff786e32bf9c0
- SHA1
  
  ed3ca15f61691be0edcbf7fa5307a0924c39effd
- SHA256
  
  24d7b631e5ecb23fb41edca7d5943f53abe6f351fe88322389bd5862841e13a1
- SHA512
  
  b8ed8389d7a5eb1d9d505ba6619a5ddb5e2857263565157f5a9c0b89954eb6e9326637fa02e7fbc8c3b256494f656af00c08b3bff98aa912f9865ecd8b9a6348
- SSDEEP
  
  384:JoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZIQR:e7O89p2rRpcnu8
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan