njrat | a48793de08e00cbf27bea2e14c5dfa19cb3a00cf022d5d5aa544c335c411c2cf | Triage

Sharing

General

Target

a48793de08e00cbf27bea2e14c5dfa19cb3a00cf022d5d5aa544c335c411c2cfN
Size

29KB
Sample

241003-zqktdswdnk
MD5

760311844c7277c1093b2329a4457b30
SHA1

f680eba0056d8e68976b7acdfb2281522a7929d8
SHA256

a48793de08e00cbf27bea2e14c5dfa19cb3a00cf022d5d5aa544c335c411c2cf
SHA512

986c78b2a350da5faa1ea838ee782ab10b2034e605fef1801ec8f06668b6556c366d24022fa0f511586e33f3f2301f6a51bbb152910b9653c84fa26499c30775
SSDEEP

384:QQ+qNl7fFwYU+uPnQD56136WmqDoz7e4aGBsbh0w4wlAokw9OhgOL1vYRGOZzKYN:z7qYU+u/mq3Mqa7eQBKh0p29SgRtTB

Score

10^/10

njrat جديد ديب فريذ وى هند كافى discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

جديد ديب فريذ وى هند كافى

C2

amma.myftp.biz:1177

Mutex

5a295eb30a8c4bea86741e429f16b791

Attributes

reg_key
5a295eb30a8c4bea86741e429f16b791
splitter
|'|'|

Targets

- Target
  
  a48793de08e00cbf27bea2e14c5dfa19cb3a00cf022d5d5aa544c335c411c2cfN
- Size
  
  29KB
- MD5
  
  760311844c7277c1093b2329a4457b30
- SHA1
  
  f680eba0056d8e68976b7acdfb2281522a7929d8
- SHA256
  
  a48793de08e00cbf27bea2e14c5dfa19cb3a00cf022d5d5aa544c335c411c2cf
- SHA512
  
  986c78b2a350da5faa1ea838ee782ab10b2034e605fef1801ec8f06668b6556c366d24022fa0f511586e33f3f2301f6a51bbb152910b9653c84fa26499c30775
- SSDEEP
  
  384:QQ+qNl7fFwYU+uPnQD56136WmqDoz7e4aGBsbh0w4wlAokw9OhgOL1vYRGOZzKYN:z7qYU+u/mq3Mqa7eQBKh0p29SgRtTB
Score

10^/10

njrat جديد ديب فريذ وى هند كافى discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

جديد ديب فريذ وى هند كافىnjrat

behavioral1

njratجديد ديب فريذ وى هند كافىdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation