njrat | 950c5a7a6061190cd9dd1545adfc97ef4f06519bfd29227128d786a249feecc2 | Triage

Sharing

General

Target

950c5a7a6061190cd9dd1545adfc97ef4f06519bfd29227128d786a249feecc2.exe
Size

123KB
Sample

240926-cgp1esterh
MD5

64fb11e1248b0df7e367399e26023e4b
SHA1

edbf28d41a3856c9234f02178952668b05820852
SHA256

950c5a7a6061190cd9dd1545adfc97ef4f06519bfd29227128d786a249feecc2
SHA512

642466048fdb2cdb51997154f716ede7fac1203ee2a1874ada27c463d8e51f69fcfd1cb2a4af8f07c08b581bd5e37dfe56481aab0e01850a58eb90f4777f5ef2
SSDEEP

3072:qkFEijpIh0kaNOrIKmJMwdR35H6Y3GcGoX559oPOE:g0kXrI7Jv35xDGoXta

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

19.ip.gl.ply.gg:42443

Mutex

c1f77453d4f3d154f8c1eedb0473faf9

Attributes

reg_key
c1f77453d4f3d154f8c1eedb0473faf9
splitter
|'|'|

Targets

- Target
  
  950c5a7a6061190cd9dd1545adfc97ef4f06519bfd29227128d786a249feecc2.exe
- Size
  
  123KB
- MD5
  
  64fb11e1248b0df7e367399e26023e4b
- SHA1
  
  edbf28d41a3856c9234f02178952668b05820852
- SHA256
  
  950c5a7a6061190cd9dd1545adfc97ef4f06519bfd29227128d786a249feecc2
- SHA512
  
  642466048fdb2cdb51997154f716ede7fac1203ee2a1874ada27c463d8e51f69fcfd1cb2a4af8f07c08b581bd5e37dfe56481aab0e01850a58eb90f4777f5ef2
- SSDEEP
  
  3072:qkFEijpIh0kaNOrIKmJMwdR35H6Y3GcGoX559oPOE:g0kXrI7Jv35xDGoXta
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan