njrat | be554d5a1699c2f889ffaba65b73037a81a02ceb7e5c949f57f2fa421bc4454b | Triage

Sharing

General

Target

be554d5a1699c2f889ffaba65b73037a81a02ceb7e5c949f57f2fa421bc4454b
Size

277KB
Sample

241008-kh6zbsxfmm
MD5

44ead99f551ae0b54518a9bd8984c804
SHA1

7469bf4550c4e09704671e01e235f8768ba0bc13
SHA256

be554d5a1699c2f889ffaba65b73037a81a02ceb7e5c949f57f2fa421bc4454b
SHA512

97d1fd1ff16a22eb2e70f9b3c13b939fa96b4b649f4ceafc5675ac90af6ec2c52ad2a7805d4e8c4eecab5a6db170a9efd5178badb743e19664a8f02b229f2ede
SSDEEP

6144:9DU1afib8IPIebBGOuPQyvUQMH5zlGAK8qujiCfU:qafiNxtuPFvWA0PM

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

34d7012941994fddda049fc564013d4b

Attributes

reg_key
34d7012941994fddda049fc564013d4b
splitter
|'|'|

Targets

- Target
  
  be554d5a1699c2f889ffaba65b73037a81a02ceb7e5c949f57f2fa421bc4454b
- Size
  
  277KB
- MD5
  
  44ead99f551ae0b54518a9bd8984c804
- SHA1
  
  7469bf4550c4e09704671e01e235f8768ba0bc13
- SHA256
  
  be554d5a1699c2f889ffaba65b73037a81a02ceb7e5c949f57f2fa421bc4454b
- SHA512
  
  97d1fd1ff16a22eb2e70f9b3c13b939fa96b4b649f4ceafc5675ac90af6ec2c52ad2a7805d4e8c4eecab5a6db170a9efd5178badb743e19664a8f02b229f2ede
- SSDEEP
  
  6144:9DU1afib8IPIebBGOuPQyvUQMH5zlGAK8qujiCfU:qafiNxtuPFvWA0PM
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan