njrat | a8f2c49e9f83803c6745c57dd06c56fd1815deb560635ce3c96046fef9c19d29 | Triage

Sharing

General

Target

a8f2c49e9f83803c6745c57dd06c56fd1815deb560635ce3c96046fef9c19d29
Size

687KB
Sample

240928-a6zj2s1akg
MD5

45b3beac66c33fc57442ef21733d1bcd
SHA1

8c9cdce4ff7fce32928e60ff3412f0429116fb3f
SHA256

a8f2c49e9f83803c6745c57dd06c56fd1815deb560635ce3c96046fef9c19d29
SHA512

efc1dd28a39ad29dbd14bff00d7d8877eb21db33a2fe49201c08d3aabc3ad59a0b25267be9b60cec57c5e72a18bfc087731f8a48837846ef6b5f8556eacb59e5
SSDEEP

12288:tmTdR1inA5SOT7mU2st/T3KhYN68HBO5UB3h9KC7Rwqf:ITdbi2/92SGCO5UhzRw

Score

10^/10

njrat qqqqqqqqq discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

QQQQQQQQQ

C2

ronymahmoud.casacam.net:1177

Mutex

89fa643fac1a0357a38ce45fc3a3e20b

Attributes

reg_key
89fa643fac1a0357a38ce45fc3a3e20b
splitter
|'|'|

Targets

- Target
  
  a8f2c49e9f83803c6745c57dd06c56fd1815deb560635ce3c96046fef9c19d29
- Size
  
  687KB
- MD5
  
  45b3beac66c33fc57442ef21733d1bcd
- SHA1
  
  8c9cdce4ff7fce32928e60ff3412f0429116fb3f
- SHA256
  
  a8f2c49e9f83803c6745c57dd06c56fd1815deb560635ce3c96046fef9c19d29
- SHA512
  
  efc1dd28a39ad29dbd14bff00d7d8877eb21db33a2fe49201c08d3aabc3ad59a0b25267be9b60cec57c5e72a18bfc087731f8a48837846ef6b5f8556eacb59e5
- SSDEEP
  
  12288:tmTdR1inA5SOT7mU2st/T3KhYN68HBO5UB3h9KC7Rwqf:ITdbi2/92SGCO5UhzRw
Score

10^/10

njrat qqqqqqqqq discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratqqqqqqqqqdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratqqqqqqqqqdiscoveryevasionpersistenceprivilege_escalationtrojan