njrat | bbbd41df9ee8363af5927a1b8f8b6d373edc69b34069c3a1ff0e5696138a290d | Triage

Sharing

General

Target

ea1573a7a1a4e721d214ac535c15d263_JaffaCakes118
Size

23KB
Sample

240918-2c73wawele
MD5

ea1573a7a1a4e721d214ac535c15d263
SHA1

b99268fe0aa74e94a57676b99accb6cdcb880855
SHA256

bbbd41df9ee8363af5927a1b8f8b6d373edc69b34069c3a1ff0e5696138a290d
SHA512

b5050a6669d74e380a1ff5dce1669a476779e6373d60153d7ae62edc5276c7ccc2718841e6fe4864fa84948c157938ed9d774643dd40db97cac5c58e6ccd2d54
SSDEEP

384:SI2SUwXh0ZbAzlRGCvkodj46hgHK0hrVdmRvR6JZlbw8hqIusZzZ9H:1bhEkdvbRpcnu2

Score

10^/10

njrat diethylzink discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Diethylzink

C2

185.65.135.254:26130

Mutex

6672c70fe787f74f25e3a939a215c79a

Attributes

reg_key
6672c70fe787f74f25e3a939a215c79a
splitter
|'|'|

Targets

- Target
  
  ea1573a7a1a4e721d214ac535c15d263_JaffaCakes118
- Size
  
  23KB
- MD5
  
  ea1573a7a1a4e721d214ac535c15d263
- SHA1
  
  b99268fe0aa74e94a57676b99accb6cdcb880855
- SHA256
  
  bbbd41df9ee8363af5927a1b8f8b6d373edc69b34069c3a1ff0e5696138a290d
- SHA512
  
  b5050a6669d74e380a1ff5dce1669a476779e6373d60153d7ae62edc5276c7ccc2718841e6fe4864fa84948c157938ed9d774643dd40db97cac5c58e6ccd2d54
- SSDEEP
  
  384:SI2SUwXh0ZbAzlRGCvkodj46hgHK0hrVdmRvR6JZlbw8hqIusZzZ9H:1bhEkdvbRpcnu2
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

diethylzinknjrat

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan