njrat | 58b5bb4905414d2ba02794f536401e96501d30208b7b3e270358ee91632fff7a | Triage

Sharing

General

Target

58b5bb4905414d2ba02794f536401e96501d30208b7b3e270358ee91632fff7aN
Size

31KB
Sample

241003-rpc36azcmn
MD5

68ef5326253042abcb6f49311c8d97d0
SHA1

2c36f4b7c48bffabdf8564f74a07d28e3d1946c1
SHA256

58b5bb4905414d2ba02794f536401e96501d30208b7b3e270358ee91632fff7a
SHA512

46081efc4ba5447827de69d68b1f33218a5b21ab73c27a179f5e071b13b63304d00c131160900f96be528ff46f590145cc9f65771d092c2260d201a1f0e03d53
SSDEEP

768:tFG5TP1/plIzxTCfVYAvN1Zvy/QmIDUu0tigFj:ab1ay/YQVkFj

Score

10^/10

njrat mybot discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

127.0.0.1:3526

Mutex

cab33fe480866f323cf8fd66ef3c9f9c

Attributes

reg_key
cab33fe480866f323cf8fd66ef3c9f9c
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  58b5bb4905414d2ba02794f536401e96501d30208b7b3e270358ee91632fff7aN
- Size
  
  31KB
- MD5
  
  68ef5326253042abcb6f49311c8d97d0
- SHA1
  
  2c36f4b7c48bffabdf8564f74a07d28e3d1946c1
- SHA256
  
  58b5bb4905414d2ba02794f536401e96501d30208b7b3e270358ee91632fff7a
- SHA512
  
  46081efc4ba5447827de69d68b1f33218a5b21ab73c27a179f5e071b13b63304d00c131160900f96be528ff46f590145cc9f65771d092c2260d201a1f0e03d53
- SSDEEP
  
  768:tFG5TP1/plIzxTCfVYAvN1Zvy/QmIDUu0tigFj:ab1ay/YQVkFj
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan