njrat | 6e3f2ebb560fede5fca72650a4f495d1038930a3a7c0bebbd032be0a79e1f2b2 | Triage

Sharing

General

Target

6e3f2ebb560fede5fca72650a4f495d1038930a3a7c0bebbd032be0a79e1f2b2.exe
Size

22KB
Sample

240928-j3m7aavhkn
MD5

14cf4f2623f9c31a8ad03945e848a60c
SHA1

677c414db6441270a8ed824a8a27259ff2720758
SHA256

6e3f2ebb560fede5fca72650a4f495d1038930a3a7c0bebbd032be0a79e1f2b2
SHA512

e43c6095290b28e22a655c2c223811d8b46fc75428db5c52a3f896e52ef795ce2267a6c92dfad753aef6cb47740de721ba41713b7533fd59c9a7b29f0aeb3c83
SSDEEP

384:2+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZRv:pm+71d5XRpcnui

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

shytanoff.ddns.net:1177

Mutex

3d0dd0f92b252ee0856a5ed12374a126

Attributes

reg_key
3d0dd0f92b252ee0856a5ed12374a126
splitter
|'|'|

Targets

- Target
  
  6e3f2ebb560fede5fca72650a4f495d1038930a3a7c0bebbd032be0a79e1f2b2.exe
- Size
  
  22KB
- MD5
  
  14cf4f2623f9c31a8ad03945e848a60c
- SHA1
  
  677c414db6441270a8ed824a8a27259ff2720758
- SHA256
  
  6e3f2ebb560fede5fca72650a4f495d1038930a3a7c0bebbd032be0a79e1f2b2
- SHA512
  
  e43c6095290b28e22a655c2c223811d8b46fc75428db5c52a3f896e52ef795ce2267a6c92dfad753aef6cb47740de721ba41713b7533fd59c9a7b29f0aeb3c83
- SSDEEP
  
  384:2+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZRv:pm+71d5XRpcnui
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan