njrat | c52ab8a1946d9658e5c274c1e51932fc643f96521e6d399ba77a2222af822476 | Triage

Sharing

General

Target

c52ab8a1946d9658e5c274c1e51932fc643f96521e6d399ba77a2222af822476.exe
Size

31KB
Sample

241006-nk7keswcpb
MD5

8dee3a3af52675fd49f3237f1f286f98
SHA1

ace246c4682e31dec046eee463363e4de22cd071
SHA256

c52ab8a1946d9658e5c274c1e51932fc643f96521e6d399ba77a2222af822476
SHA512

eaae3b17d45296ffe6eff75ab1cb430ef44f9652854a2a6baeed99d9692333831ba756e4d05f776c29deedd2513d4309fe6b708c30f2cf3250a9202e42ecea4e
SSDEEP

384:7xZMpEiK+bPXEsi1i5siZdX8tT9HNqB9FPIIxATSONlDwodg9TdFpyFEIGsJjwEQ:Nv+h0FsdXCT/6NG2ouDbEEIGfRg+f

Score

10^/10

njrat 2020/discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Botnet

2020/

Mutex

cad6ec042b06ac31e129fbc8d13eabe6

Attributes

reg_key
cad6ec042b06ac31e129fbc8d13eabe6

Targets

- Target
  
  c52ab8a1946d9658e5c274c1e51932fc643f96521e6d399ba77a2222af822476.exe
- Size
  
  31KB
- MD5
  
  8dee3a3af52675fd49f3237f1f286f98
- SHA1
  
  ace246c4682e31dec046eee463363e4de22cd071
- SHA256
  
  c52ab8a1946d9658e5c274c1e51932fc643f96521e6d399ba77a2222af822476
- SHA512
  
  eaae3b17d45296ffe6eff75ab1cb430ef44f9652854a2a6baeed99d9692333831ba756e4d05f776c29deedd2513d4309fe6b708c30f2cf3250a9202e42ecea4e
- SSDEEP
  
  384:7xZMpEiK+bPXEsi1i5siZdX8tT9HNqB9FPIIxATSONlDwodg9TdFpyFEIGsJjwEQ:Nv+h0FsdXCT/6NG2ouDbEEIGfRg+f
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan