njrat | 62dc074f1ae5093effdea892ad6fd5c30506fab0a7ce508912d17fe63f9cbb81 | Triage

Sharing

General

Target

f945dd5291f1cc7457d7bccb242314c0_JaffaCakes118
Size

23KB
Sample

240926-2gnj2a1emr
MD5

f945dd5291f1cc7457d7bccb242314c0
SHA1

de72c1fd6f1f7a9bd02b2de2747c173de83a4162
SHA256

62dc074f1ae5093effdea892ad6fd5c30506fab0a7ce508912d17fe63f9cbb81
SHA512

02acea3115696bd020074547740d0f4dd72c691f41957e6944863ebab4b6196a5f585551f7f72156ea81a9f108e86b79f5426c5aa9f99cefc01d560398327a97
SSDEEP

384:dc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9H9mRvR6JZlbw8hqIusZzZar5g:3e9EJLN/WRpcnuLNg

Score

10^/10

njrat monster discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MONSTER

C2

agx1996.ddns.net:5522

Mutex

38921ef0ea6ccfe30ec6445068ee1172

Attributes

reg_key
38921ef0ea6ccfe30ec6445068ee1172
splitter
|'|'|

Targets

- Target
  
  f945dd5291f1cc7457d7bccb242314c0_JaffaCakes118
- Size
  
  23KB
- MD5
  
  f945dd5291f1cc7457d7bccb242314c0
- SHA1
  
  de72c1fd6f1f7a9bd02b2de2747c173de83a4162
- SHA256
  
  62dc074f1ae5093effdea892ad6fd5c30506fab0a7ce508912d17fe63f9cbb81
- SHA512
  
  02acea3115696bd020074547740d0f4dd72c691f41957e6944863ebab4b6196a5f585551f7f72156ea81a9f108e86b79f5426c5aa9f99cefc01d560398327a97
- SSDEEP
  
  384:dc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9H9mRvR6JZlbw8hqIusZzZar5g:3e9EJLN/WRpcnuLNg
Score

10^/10

njrat monster discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmonsterdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan