njrat | 3e1e4faf11d4ea1f0be8e16658685f524fad1d5b464857422b88bbbacc878ab6 | Triage

Sharing

General

Target

3e1e4faf11d4ea1f0be8e16658685f524fad1d5b464857422b88bbbacc878ab6.exe
Size

32KB
Sample

240927-xyzamsveln
MD5

491b2cc22402cd5000aa30bb3944567a
SHA1

b3f35dd837911e016e78a1ee9c4b24001760ced4
SHA256

3e1e4faf11d4ea1f0be8e16658685f524fad1d5b464857422b88bbbacc878ab6
SHA512

4d387fa3ef471f357975dd63c39fd2466e98652d99e94208a6299857b1eb6caa641940833435468fcc3f2d17dbff7fcf60aa06d9f857f6fdc10affceffd604b9
SSDEEP

384:4G5o4U+mVQQyQJsixtePRuRMNFPIk+TWq4lDModg9TdFpyFEIGsJjwE7UMcrie4J:RuV4kteSspiouDbEEIGfRL+f

Score

10^/10

njrat hacked by hidden person discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

2ccdef4bb99c150c27469b80a97eb52c

Attributes

reg_key
2ccdef4bb99c150c27469b80a97eb52c

Targets

- Target
  
  3e1e4faf11d4ea1f0be8e16658685f524fad1d5b464857422b88bbbacc878ab6.exe
- Size
  
  32KB
- MD5
  
  491b2cc22402cd5000aa30bb3944567a
- SHA1
  
  b3f35dd837911e016e78a1ee9c4b24001760ced4
- SHA256
  
  3e1e4faf11d4ea1f0be8e16658685f524fad1d5b464857422b88bbbacc878ab6
- SHA512
  
  4d387fa3ef471f357975dd63c39fd2466e98652d99e94208a6299857b1eb6caa641940833435468fcc3f2d17dbff7fcf60aa06d9f857f6fdc10affceffd604b9
- SSDEEP
  
  384:4G5o4U+mVQQyQJsixtePRuRMNFPIk+TWq4lDModg9TdFpyFEIGsJjwE7UMcrie4J:RuV4kteSspiouDbEEIGfRL+f
Score

10^/10

njrat hacked by hidden person discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hacked by hidden personnjrat

behavioral1

njrathacked by hidden persondiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan