njrat | e59b3d324bf67b28f587a8503afa20d345ff267803ddeb184c025324376afe01 | Triage

Sharing

General

Target

e59b3d324bf67b28f587a8503afa20d345ff267803ddeb184c025324376afe01N
Size

919KB
Sample

241020-eewfjazbmn
MD5

1d62807871ef92724da791b894af6bc0
SHA1

6eba5da6e17e815dc33acf1c5f4e6c9741447eee
SHA256

e59b3d324bf67b28f587a8503afa20d345ff267803ddeb184c025324376afe01
SHA512

1ec35e148599834888d035d6688d4ea9ae30cb8922905ad6f6f2fbb7c01ae0cd06b04ff3cbedbf203b921a8ebb7f0dd25868abeb42feac19f948973c79295be4
SSDEEP

24576:RAHnh+eWsN3skA4RV1Hom2KXMmHapLUsQ5t:oh+ZkldoPK8Yap6t

Score

10^/10

njrat fourth#4 discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fourth#4

C2

soft98.linkpc.net:5550

Mutex

10e93180d6481ad63a77c2b255d40864

Attributes

reg_key
10e93180d6481ad63a77c2b255d40864
splitter
|'|'|

Targets

- Target
  
  e59b3d324bf67b28f587a8503afa20d345ff267803ddeb184c025324376afe01N
- Size
  
  919KB
- MD5
  
  1d62807871ef92724da791b894af6bc0
- SHA1
  
  6eba5da6e17e815dc33acf1c5f4e6c9741447eee
- SHA256
  
  e59b3d324bf67b28f587a8503afa20d345ff267803ddeb184c025324376afe01
- SHA512
  
  1ec35e148599834888d035d6688d4ea9ae30cb8922905ad6f6f2fbb7c01ae0cd06b04ff3cbedbf203b921a8ebb7f0dd25868abeb42feac19f948973c79295be4
- SSDEEP
  
  24576:RAHnh+eWsN3skA4RV1Hom2KXMmHapLUsQ5t:oh+ZkldoPK8Yap6t
Score

10^/10

njrat fourth#4 discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratfourth#4discoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratfourth#4discoveryevasionpersistenceprivilege_escalationtrojan