njrat | 56417dd91ccae6d9abd819d32df1b86c527f38f8f91cceed04c7583e9f084536 | Triage

Sharing

General

Target

56417dd91ccae6d9abd819d32df1b86c527f38f8f91cceed04c7583e9f084536N
Size

89KB
Sample

240919-bqp64stcql
MD5

c8e62189a69dea3d3b548fc7b18fd0b0
SHA1

be05f5f20dc2e65ed95c0f3f2ab451b12162181d
SHA256

56417dd91ccae6d9abd819d32df1b86c527f38f8f91cceed04c7583e9f084536
SHA512

72d701e8a50f80398ec348eb149834fba6c021ed79e989433290ac2c8d8824af92ad51434669f38a8b2063cf2f13ce940bc11021e4b8629842896fc704112f63
SSDEEP

1536:7z18nKZn3h3E3iECUBLTcDcEdKqFRqDBsBdDf2ed+OCQS:H1pZRsiOoDc0KqKBsbldS7

Score

10^/10

njrat hacked by mr-abu hani discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed By Mr-Abu Hani

C2

127.0.0.1:4444

Mutex

97bf82c5a9f29aa3f34d4a7d6f02e9b4

Attributes

reg_key
97bf82c5a9f29aa3f34d4a7d6f02e9b4
splitter
|'|'|

Targets

- Target
  
  56417dd91ccae6d9abd819d32df1b86c527f38f8f91cceed04c7583e9f084536N
- Size
  
  89KB
- MD5
  
  c8e62189a69dea3d3b548fc7b18fd0b0
- SHA1
  
  be05f5f20dc2e65ed95c0f3f2ab451b12162181d
- SHA256
  
  56417dd91ccae6d9abd819d32df1b86c527f38f8f91cceed04c7583e9f084536
- SHA512
  
  72d701e8a50f80398ec348eb149834fba6c021ed79e989433290ac2c8d8824af92ad51434669f38a8b2063cf2f13ce940bc11021e4b8629842896fc704112f63
- SSDEEP
  
  1536:7z18nKZn3h3E3iECUBLTcDcEdKqFRqDBsBdDf2ed+OCQS:H1pZRsiOoDc0KqKBsbldS7
Score

10^/10

njrat hacked by mr-abu hani discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked by mr-abu hanidiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathacked by mr-abu hanidiscoveryevasionpersistenceprivilege_escalationtrojan