njrat | 2303372dde201ee30cd17b7b33525e342d300d0dd10bf2922e1d68bcd5bec116 | Triage

Sharing

General

Target

2303372dde201ee30cd17b7b33525e342d300d0dd10bf2922e1d68bcd5bec116N
Size

93KB
Sample

240920-a8svaa1ank
MD5

bc86b969a1c887c1d0bec9807bd59c20
SHA1

6145f1a5aa846d5592038b5018bff50f249ba6c7
SHA256

2303372dde201ee30cd17b7b33525e342d300d0dd10bf2922e1d68bcd5bec116
SHA512

0d8ba7e09704512dca244d03e7f3658d2562cdc8065996d0f31da772adbf65fe449a3a015f71fee73db79aa9cc786ed8c3a7fdc76d78f365af7352124c4fc443
SSDEEP

1536:+mzJD/HBZbszKu9AZpt7r1jEwzGi1dDLD6gS:+mSzK4AZHHCi1dT/

Score

10^/10

njrat sarcazm discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

sarcazm

C2

hakim32.ddns.net:2000

disclaimer-establish.gl.at.ply.gg:45887

Mutex

6a5ef65cabb4f7e7f2ef0d8156f8282b

Attributes

reg_key
6a5ef65cabb4f7e7f2ef0d8156f8282b
splitter
|'|'|

Targets

- Target
  
  2303372dde201ee30cd17b7b33525e342d300d0dd10bf2922e1d68bcd5bec116N
- Size
  
  93KB
- MD5
  
  bc86b969a1c887c1d0bec9807bd59c20
- SHA1
  
  6145f1a5aa846d5592038b5018bff50f249ba6c7
- SHA256
  
  2303372dde201ee30cd17b7b33525e342d300d0dd10bf2922e1d68bcd5bec116
- SHA512
  
  0d8ba7e09704512dca244d03e7f3658d2562cdc8065996d0f31da772adbf65fe449a3a015f71fee73db79aa9cc786ed8c3a7fdc76d78f365af7352124c4fc443
- SSDEEP
  
  1536:+mzJD/HBZbszKu9AZpt7r1jEwzGi1dDLD6gS:+mSzK4AZHHCi1dT/
Score

10^/10

njrat sarcazm discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratsarcazmdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation