njrat | abf2d14b10744dbd4ffc0c142a8920dd45ac321856f6a4a059c271a7e39041ea | Triage

Sharing

General

Target

0ddb82713a0bf96bfb34b08cedcdfd4e_JaffaCakes118
Size

93KB
Sample

241003-erxjcsxfkg
MD5

0ddb82713a0bf96bfb34b08cedcdfd4e
SHA1

0bf140902a27ea8131f36ce5d42cb468fa504cfa
SHA256

abf2d14b10744dbd4ffc0c142a8920dd45ac321856f6a4a059c271a7e39041ea
SHA512

d7f4b101d5e65f50c9f0474082f113648e8994a2377e3b29e30c739edcaee311e35916b7c8475407f7bf0c74cc911dc2dddc5149147e7b71903d0e6a946d80ce
SSDEEP

768:OY3f6pD9O/pBcxYsbae6GIXb9pDX2b9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3UsG0:F6LOx6baIa9RIj00ljEwzGi1dDsDOgS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:1604

Mutex

9a3d87e67be58a391e6414a69c809149

Attributes

reg_key
9a3d87e67be58a391e6414a69c809149
splitter
|'|'|

Targets

- Target
  
  0ddb82713a0bf96bfb34b08cedcdfd4e_JaffaCakes118
- Size
  
  93KB
- MD5
  
  0ddb82713a0bf96bfb34b08cedcdfd4e
- SHA1
  
  0bf140902a27ea8131f36ce5d42cb468fa504cfa
- SHA256
  
  abf2d14b10744dbd4ffc0c142a8920dd45ac321856f6a4a059c271a7e39041ea
- SHA512
  
  d7f4b101d5e65f50c9f0474082f113648e8994a2377e3b29e30c739edcaee311e35916b7c8475407f7bf0c74cc911dc2dddc5149147e7b71903d0e6a946d80ce
- SSDEEP
  
  768:OY3f6pD9O/pBcxYsbae6GIXb9pDX2b9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3UsG0:F6LOx6baIa9RIj00ljEwzGi1dDsDOgS
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation