njrat | fb84674177c884e1c023b804663a3584746f8767e14543f1d6902de43bf96c85 | Triage

Sharing

General

Target

fb84674177c884e1c023b804663a3584746f8767e14543f1d6902de43bf96c85N
Size

91KB
Sample

241011-erh1zazekp
MD5

b09ed6322bee0242f5de4a0d9da2d5e0
SHA1

383bee79302fec471619d70cf306e2df2d994159
SHA256

fb84674177c884e1c023b804663a3584746f8767e14543f1d6902de43bf96c85
SHA512

8e3d1067372d0c29f8213fe5e91796db4150a20c70aed5f46afb0bca532ae8733780eedeb7ba99365277bc8d3f5fae0d5e09fbcd95713562fca4d5553166786f
SSDEEP

1536:qCSCJ+9eb0YjoP3Dis+5m+8Di3e0Pc1WrMrsG6H:qCSCkowiNWHAG0

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

aa0406053b481a57ef3e1e69d5f1d2a6

Attributes

reg_key
aa0406053b481a57ef3e1e69d5f1d2a6
splitter
|'|'|

Targets

- Target
  
  fb84674177c884e1c023b804663a3584746f8767e14543f1d6902de43bf96c85N
- Size
  
  91KB
- MD5
  
  b09ed6322bee0242f5de4a0d9da2d5e0
- SHA1
  
  383bee79302fec471619d70cf306e2df2d994159
- SHA256
  
  fb84674177c884e1c023b804663a3584746f8767e14543f1d6902de43bf96c85
- SHA512
  
  8e3d1067372d0c29f8213fe5e91796db4150a20c70aed5f46afb0bca532ae8733780eedeb7ba99365277bc8d3f5fae0d5e09fbcd95713562fca4d5553166786f
- SSDEEP
  
  1536:qCSCJ+9eb0YjoP3Dis+5m+8Di3e0Pc1WrMrsG6H:qCSCkowiNWHAG0
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan