njrat | 326c96af0ea7fe35ea7a8f27d066c40504806a58be14313a4d7b6aecf74f7a74 | Triage

Sharing

General

Target

f2743e403ab405cdd0924a06d138df34_JaffaCakes118
Size

259KB
Sample

240922-vn5nkazhrm
MD5

f2743e403ab405cdd0924a06d138df34
SHA1

e164a75ad1975f72b3c216722a7d14b1987738ee
SHA256

326c96af0ea7fe35ea7a8f27d066c40504806a58be14313a4d7b6aecf74f7a74
SHA512

baeffceee12429e01a88d39e6f32aca8bcf5d8de32419a2a591101f6f70f3de0cc2e754e1417fb620a8daed60f1d890304fc1eaecec51aeb24bae59f66eb0551
SSDEEP

3072:CXOgeluv4V3aWxbMXy2x+kKEAWB24OHxTWewwx+VCcgRdsK68sJspL7sTAX:IOgFva35bmGbNHxDZUIR8nJGvX

Score

10^/10

njrat evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  f2743e403ab405cdd0924a06d138df34_JaffaCakes118
- Size
  
  259KB
- MD5
  
  f2743e403ab405cdd0924a06d138df34
- SHA1
  
  e164a75ad1975f72b3c216722a7d14b1987738ee
- SHA256
  
  326c96af0ea7fe35ea7a8f27d066c40504806a58be14313a4d7b6aecf74f7a74
- SHA512
  
  baeffceee12429e01a88d39e6f32aca8bcf5d8de32419a2a591101f6f70f3de0cc2e754e1417fb620a8daed60f1d890304fc1eaecec51aeb24bae59f66eb0551
- SSDEEP
  
  3072:CXOgeluv4V3aWxbMXy2x+kKEAWB24OHxTWewwx+VCcgRdsK68sJspL7sTAX:IOgFva35bmGbNHxDZUIR8nJGvX
Score

10^/10

njrat evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistenceprivilege_escalationtrojan

behavioral2

njratevasionpersistenceprivilege_escalationtrojan