njrat | 35de7fceb13baa1d78b2480c70715c3643a6b20d8d40debee3bb57a208e2797e | Triage

Sharing

General

Target

35de7fceb13baa1d78b2480c70715c3643a6b20d8d40debee3bb57a208e2797e
Size

50KB
Sample

241006-ycql2swelf
MD5

48b54653b2dc586063e746379de09f8a
SHA1

99f14a1ecbe248af25b2a0f710614a1948469978
SHA256

35de7fceb13baa1d78b2480c70715c3643a6b20d8d40debee3bb57a208e2797e
SHA512

39df43ccd72d0ca11e312e6e3ef973ae56f9938d1163ac4e6839e411d4617d7f0887270a85710f9b62887f475b0497eeacc8eeef2d522f26c445fed1d1ceef3b
SSDEEP

768:ifQUIH5hyt4IBNXT6EOad1yPMXZwpJbb2zxxO5oaqHhisfvaMQmIDUu0tiTejWSh:OQRHg3hOoXkKZisfQVkbjWr

Score

10^/10

njrat mybot discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

192.168.0.108:2503

Mutex

69b2ff7c700ce93bcdefa60d17081a7c

Attributes

reg_key
69b2ff7c700ce93bcdefa60d17081a7c
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  35de7fceb13baa1d78b2480c70715c3643a6b20d8d40debee3bb57a208e2797e
- Size
  
  50KB
- MD5
  
  48b54653b2dc586063e746379de09f8a
- SHA1
  
  99f14a1ecbe248af25b2a0f710614a1948469978
- SHA256
  
  35de7fceb13baa1d78b2480c70715c3643a6b20d8d40debee3bb57a208e2797e
- SHA512
  
  39df43ccd72d0ca11e312e6e3ef973ae56f9938d1163ac4e6839e411d4617d7f0887270a85710f9b62887f475b0497eeacc8eeef2d522f26c445fed1d1ceef3b
- SSDEEP
  
  768:ifQUIH5hyt4IBNXT6EOad1yPMXZwpJbb2zxxO5oaqHhisfvaMQmIDUu0tiTejWSh:OQRHg3hOoXkKZisfQVkbjWr
Score

10^/10

njrat mybot discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmybotdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan