njrat | 0dd42f9972f8ed7ee8c3baa8f683000272036d7c3e8122b075bcce3c5e1934a8 | Triage

Sharing

General

Target

0dd42f9972f8ed7ee8c3baa8f683000272036d7c3e8122b075bcce3c5e1934a8N
Size

93KB
Sample

241007-g9hh9s1bqn
MD5

347136840cb1381fad7a452e0934cdc0
SHA1

88d5c5a8b98f69bd25bbfd4b5503f8a836ebd6a2
SHA256

0dd42f9972f8ed7ee8c3baa8f683000272036d7c3e8122b075bcce3c5e1934a8
SHA512

77755e12d2c5de54b6eac11373c73f8f7250126849fef8f2c55a0979f08231758ec072f4a832ba02ecf717340db12d56aa76f60d6f8b2d9b75269108cfb666d3
SSDEEP

768:qY3K5BnkpjTMpALPGMtsas88EtNXhe9f1mxCXxrjEtCdnl2pi1Rz4Rk39sGdpigM:Y5RkVbPGHz88EbW1pjEwzGi1dDtDigS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:8888

Mutex

092f7f2e0326c4ab96afa5b2d81a0187

Attributes

reg_key
092f7f2e0326c4ab96afa5b2d81a0187
splitter
|'|'|

Targets

- Target
  
  0dd42f9972f8ed7ee8c3baa8f683000272036d7c3e8122b075bcce3c5e1934a8N
- Size
  
  93KB
- MD5
  
  347136840cb1381fad7a452e0934cdc0
- SHA1
  
  88d5c5a8b98f69bd25bbfd4b5503f8a836ebd6a2
- SHA256
  
  0dd42f9972f8ed7ee8c3baa8f683000272036d7c3e8122b075bcce3c5e1934a8
- SHA512
  
  77755e12d2c5de54b6eac11373c73f8f7250126849fef8f2c55a0979f08231758ec072f4a832ba02ecf717340db12d56aa76f60d6f8b2d9b75269108cfb666d3
- SSDEEP
  
  768:qY3K5BnkpjTMpALPGMtsas88EtNXhe9f1mxCXxrjEtCdnl2pi1Rz4Rk39sGdpigM:Y5RkVbPGHz88EbW1pjEwzGi1dDtDigS
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation