njrat | ab11bc4d914653846cd26f24d97e4dcc3a4901e1cb65d63bae55cfff4980182b | Triage

Sharing

General

Target

ab11bc4d914653846cd26f24d97e4dcc3a4901e1cb65d63bae55cfff4980182b
Size

36KB
Sample

240921-ndz7rsyhpd
MD5

c5134fb49386eeb71898644c32734a48
SHA1

dd12404f5ec48a710b76fd0c8f0ac96cce8f7358
SHA256

ab11bc4d914653846cd26f24d97e4dcc3a4901e1cb65d63bae55cfff4980182b
SHA512

f38bb80a0ae6c50c6cfb71bedf699dad227918a5295a0c4638770c0e6210a4de507deb2f563f9d6ca93a3163bad8a73220aef080fee437706db795d88ff1a342
SSDEEP

384:CgDZ4XaCis7/WRdL5kyc/VQP7TngCANIUrAF+rMRTyN/0L+EcoinblneHQM3epz2:hD6XQD5nc/VQnFAZrM+rMRa8NuHgt

Score

10^/10

njrat itzm7d_hacker discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

iTzM7D_Hacker

C2

sound-falls.gl.at.ply.gg:1

Mutex

aa0ce714708cc7dc2f9fd91ced17cc60

Attributes

reg_key
aa0ce714708cc7dc2f9fd91ced17cc60
splitter
|'|'|

Targets

- Target
  
  ab11bc4d914653846cd26f24d97e4dcc3a4901e1cb65d63bae55cfff4980182b
- Size
  
  36KB
- MD5
  
  c5134fb49386eeb71898644c32734a48
- SHA1
  
  dd12404f5ec48a710b76fd0c8f0ac96cce8f7358
- SHA256
  
  ab11bc4d914653846cd26f24d97e4dcc3a4901e1cb65d63bae55cfff4980182b
- SHA512
  
  f38bb80a0ae6c50c6cfb71bedf699dad227918a5295a0c4638770c0e6210a4de507deb2f563f9d6ca93a3163bad8a73220aef080fee437706db795d88ff1a342
- SSDEEP
  
  384:CgDZ4XaCis7/WRdL5kyc/VQP7TngCANIUrAF+rMRTyN/0L+EcoinblneHQM3epz2:hD6XQD5nc/VQnFAZrM+rMRa8NuHgt
Score

10^/10

njrat itzm7d_hacker discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

itzm7d_hackernjrat

behavioral1

njratitzm7d_hackerdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation