njrat | 4ba51daa0124137aeeb9aacefffa935a7159f17bc7b9ada8ed985e0e6552a89c | Triage

Sharing

General

Target

ef381d1841f2aacae8c063cdd2d28666_JaffaCakes118
Size

24KB
Sample

240921-g2sn9syekr
MD5

ef381d1841f2aacae8c063cdd2d28666
SHA1

05165a069e93510f377a5f5a5fbf3a74a3cb1980
SHA256

4ba51daa0124137aeeb9aacefffa935a7159f17bc7b9ada8ed985e0e6552a89c
SHA512

fa9783fa31a00b855dd4fdae10f6aa0fe1ff99bf19e465ed1316184ed6b729a4fdc019c2a7186252853aa0640f86a9c32d4dd0f46fae08dc4d6616d9ddbad932
SSDEEP

384:B/8aY1ia0N/IH+WUiWiLcXyUTly2Rc87po6ngB8W+tqlf5mRvR6JZlbw8hqIusZG:BO1Re/E+WUiW6ci6NR7tZRpcnuBZam

Score

10^/10

njrat hackified discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hackified

C2

secksme.ddns.net:5552

Mutex

967ced937203276aa2abb98acd12065c

Attributes

reg_key
967ced937203276aa2abb98acd12065c
splitter
|'|'|

Targets

- Target
  
  ef381d1841f2aacae8c063cdd2d28666_JaffaCakes118
- Size
  
  24KB
- MD5
  
  ef381d1841f2aacae8c063cdd2d28666
- SHA1
  
  05165a069e93510f377a5f5a5fbf3a74a3cb1980
- SHA256
  
  4ba51daa0124137aeeb9aacefffa935a7159f17bc7b9ada8ed985e0e6552a89c
- SHA512
  
  fa9783fa31a00b855dd4fdae10f6aa0fe1ff99bf19e465ed1316184ed6b729a4fdc019c2a7186252853aa0640f86a9c32d4dd0f46fae08dc4d6616d9ddbad932
- SSDEEP
  
  384:B/8aY1ia0N/IH+WUiWiLcXyUTly2Rc87po6ngB8W+tqlf5mRvR6JZlbw8hqIusZG:BO1Re/E+WUiW6ci6NR7tZRpcnuBZam
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan