njrat | 04bcdc341ca55c01016d38a3e896fe33c86e044cbc944afdd5f5b0ccb3ca9393 | Triage

Sharing

General

Target

04bcdc341ca55c01016d38a3e896fe33c86e044cbc944afdd5f5b0ccb3ca9393N
Size

23KB
Sample

241004-wdvahsxemk
MD5

1705fb075c2e1cead24ac0c108779fe0
SHA1

b2a85c7a68becaefc93bb24962ccca9805b2ddf9
SHA256

04bcdc341ca55c01016d38a3e896fe33c86e044cbc944afdd5f5b0ccb3ca9393
SHA512

349bc1c8773d20a2bd50d20cf5b3a197cd3571bd2d8fc1bdf511891beafdaf388ff8e926f7a0ab5043f38d11d078ee00ee010ddb4f8fbf38857e20a0ea5e0994
SSDEEP

384:RI2SUwXh0ZbAzlRGCvkodj46hgHK0hrV5mRvR6JZlbw8hqIusZzZ3p:mbhEkdvXRpcnuK

Score

10^/10

njrat hacked by a8fit discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked By A8Fit

C2

22.ip.gl.ply.gg:57731

Mutex

f9a68e24c5c68723f7145b963291eb2e

Attributes

reg_key
f9a68e24c5c68723f7145b963291eb2e
splitter
|'|'|

Targets

- Target
  
  04bcdc341ca55c01016d38a3e896fe33c86e044cbc944afdd5f5b0ccb3ca9393N
- Size
  
  23KB
- MD5
  
  1705fb075c2e1cead24ac0c108779fe0
- SHA1
  
  b2a85c7a68becaefc93bb24962ccca9805b2ddf9
- SHA256
  
  04bcdc341ca55c01016d38a3e896fe33c86e044cbc944afdd5f5b0ccb3ca9393
- SHA512
  
  349bc1c8773d20a2bd50d20cf5b3a197cd3571bd2d8fc1bdf511891beafdaf388ff8e926f7a0ab5043f38d11d078ee00ee010ddb4f8fbf38857e20a0ea5e0994
- SSDEEP
  
  384:RI2SUwXh0ZbAzlRGCvkodj46hgHK0hrV5mRvR6JZlbw8hqIusZzZ3p:mbhEkdvXRpcnuK
Score

10^/10

njrat hacked by a8fit discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hacked by a8fitnjrat

behavioral1

njrathacked by a8fitdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan