njrat | f6f3a159a14c0fc47c26d3a42f42dd8aaf0ab2a06a0cc9a1987e64cc14ec68af | Triage

Sharing

General

Target

RAT-BAT.zip
Size

11KB
Sample

240919-rn847stcnp
MD5

9ada8491532eb69e8b208cf4d30e5097
SHA1

669b7fad18b9d58532f35be8530e0b60f4996f99
SHA256

f6f3a159a14c0fc47c26d3a42f42dd8aaf0ab2a06a0cc9a1987e64cc14ec68af
SHA512

25ea6d3b05c834ab1e13f6ed701c8ca2f9019473d7c064710136224867e1135ddf7e39f281f45a4d5781c2d94846c5b563e386078f399c556f7ebb9d084e4069
SSDEEP

192:Du/looD+YyDq9l1BC/iQd562Gh//728zf8ese/8mq5oMOpTJw2S0jvxvZDXFOqJh:ydooqFdn5Ep71TNse/PbMOpi2LJvLOqr

Score

10^/10

njrat dedogegod discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DeDogeGod

C2

piratebutt.ddns.net:5553

Mutex

718d42b8354776a9d2a7c9645eb796f6

Attributes

reg_key
718d42b8354776a9d2a7c9645eb796f6
splitter
|'|'|

Targets

- Target
  
  RAT-BAT/$pro$/Driver.exe
- Size
  
  23KB
- MD5
  
  ff46082f71150b3acaf7313732417692
- SHA1
  
  88b63303c0f23025fcbf0ef4f0986e8d35bb51b9
- SHA256
  
  33642198cc5583867754b1a8ae12f5680f45eade5a9a6bc1c62bbc4c54b5cd53
- SHA512
  
  4ab4260a516c40f8621a09beef431ccfd642c8d1e03bd43bc2f084b556e8a04655fd46e692b2e378d09f0be8d65d961d197e71b86e24f9ae06541a14b7206c19
- SSDEEP
  
  384:jd3gexUw/L+JrgUon5b9uSDMwT9Pfg6NgrWoBYi51mRvR6JZlbw8hqIusZzZDF0:dIAKG91DP1hPRpcnu1
Score

10^/10

njrat dedogegod discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdedogegoddiscoveryevasionpersistenceprivilege_escalationtrojan