njrat | 3354ea30764c04bd52141dbf6e91267430a4cdfd1036663aea735f31ff7560aa | Triage

Sharing

General

Target

1c859f47a0a557ffb5f5cf99df7291da.exe
Size

31KB
Sample

241008-dhxx4awapr
MD5

1c859f47a0a557ffb5f5cf99df7291da
SHA1

e1a336d13541e88cb7bc9788681ea729695f4bd8
SHA256

3354ea30764c04bd52141dbf6e91267430a4cdfd1036663aea735f31ff7560aa
SHA512

5f8daac1c3751578772adaa29b71e846881d1bee651ddb7e67af918c448ef3803c050fea4248fe19ca78517ea4ab6ff4bd3dae07f157de74f039c48330d0dd68
SSDEEP

768:6pMX3wpJbb2zxxO5+Oq3bisfv4BQmIDUu0tiS7Yj:fkKdisAQVkLMj

Score

10^/10

njrat backup discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

backup

C2

103.253.73.222:711

Mutex

769a6d2f4d6310beb643add84c2c23fd

Attributes

reg_key
769a6d2f4d6310beb643add84c2c23fd
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  1c859f47a0a557ffb5f5cf99df7291da.exe
- Size
  
  31KB
- MD5
  
  1c859f47a0a557ffb5f5cf99df7291da
- SHA1
  
  e1a336d13541e88cb7bc9788681ea729695f4bd8
- SHA256
  
  3354ea30764c04bd52141dbf6e91267430a4cdfd1036663aea735f31ff7560aa
- SHA512
  
  5f8daac1c3751578772adaa29b71e846881d1bee651ddb7e67af918c448ef3803c050fea4248fe19ca78517ea4ab6ff4bd3dae07f157de74f039c48330d0dd68
- SSDEEP
  
  768:6pMX3wpJbb2zxxO5+Oq3bisfv4BQmIDUu0tiS7Yj:fkKdisAQVkLMj
Score

10^/10

njrat backup discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratbackupdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratbackupdiscoveryevasionpersistenceprivilege_escalationtrojan