njrat | d6586c14bc8871306d01f5d2065f3340e1e9419f260695880a1c9947340a289e | Triage

Sharing

General

Target

d6586c14bc8871306d01f5d2065f3340e1e9419f260695880a1c9947340a289eN.exe
Size

89KB
Sample

240925-17tnas1bll
MD5

fa3f20e10231190f449017b08f05c930
SHA1

6c8202dfbb81d01b9e99cbcf97a4c4113f0023ac
SHA256

d6586c14bc8871306d01f5d2065f3340e1e9419f260695880a1c9947340a289e
SHA512

4ba760536aedb767c7f38068ab9cabf497a1499998ddd4e5810588c848e561ead8ddb60b847653ef921b71ca2e8a6f7d893c30d27fd8aa1e97cf176b1bb67f27
SSDEEP

768:47qAn2N2urOxBPF6ozWUshy9x+UwVbYdguJcF4Qhc4VjsS8jdxKNu6LUEEDeyDvJ:4+AnP/BPEMW3hyj+UwV82hBjsVx1n5N

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

279f6960ed84a752570aca7fb2dc1552

Attributes

reg_key
279f6960ed84a752570aca7fb2dc1552
splitter
|'|'|

Targets

- Target
  
  d6586c14bc8871306d01f5d2065f3340e1e9419f260695880a1c9947340a289eN.exe
- Size
  
  89KB
- MD5
  
  fa3f20e10231190f449017b08f05c930
- SHA1
  
  6c8202dfbb81d01b9e99cbcf97a4c4113f0023ac
- SHA256
  
  d6586c14bc8871306d01f5d2065f3340e1e9419f260695880a1c9947340a289e
- SHA512
  
  4ba760536aedb767c7f38068ab9cabf497a1499998ddd4e5810588c848e561ead8ddb60b847653ef921b71ca2e8a6f7d893c30d27fd8aa1e97cf176b1bb67f27
- SSDEEP
  
  768:47qAn2N2urOxBPF6ozWUshy9x+UwVbYdguJcF4Qhc4VjsS8jdxKNu6LUEEDeyDvJ:4+AnP/BPEMW3hyj+UwV82hBjsVx1n5N
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan