njrat | d23bff11e9aa5f743e7a0063b86b2b9a59a6dc56760eb37498a2df3386150603 | Triage

Sharing

General

Target

d23bff11e9aa5f743e7a0063b86b2b9a59a6dc56760eb37498a2df3386150603N
Size

23KB
Sample

241020-zbhqgszhkl
MD5

17b70e5760d1cd01cdf136d0e4ef41d0
SHA1

c000eae79731c8c0a44332a15c0e019b6a98c0c1
SHA256

d23bff11e9aa5f743e7a0063b86b2b9a59a6dc56760eb37498a2df3386150603
SHA512

fcf229adc35f1cabba02d961b280391e1a5e1e05fcc2f422b76a40642e0a6b142b47a116bc524ade30391042a232bf02fec90c7ce6fa938ab8f30fd8281305cd
SSDEEP

384:MMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZL6:fb9glF51LRpcnuF

Score

10^/10

njrat lammer discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

csgocheats.ddns.net:1177

Mutex

ef4b9e3dcbc63f1d8507fa3bc932f5d9

Attributes

reg_key
ef4b9e3dcbc63f1d8507fa3bc932f5d9
splitter
|'|'|

Targets

- Target
  
  d23bff11e9aa5f743e7a0063b86b2b9a59a6dc56760eb37498a2df3386150603N
- Size
  
  23KB
- MD5
  
  17b70e5760d1cd01cdf136d0e4ef41d0
- SHA1
  
  c000eae79731c8c0a44332a15c0e019b6a98c0c1
- SHA256
  
  d23bff11e9aa5f743e7a0063b86b2b9a59a6dc56760eb37498a2df3386150603
- SHA512
  
  fcf229adc35f1cabba02d961b280391e1a5e1e05fcc2f422b76a40642e0a6b142b47a116bc524ade30391042a232bf02fec90c7ce6fa938ab8f30fd8281305cd
- SSDEEP
  
  384:MMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZL6:fb9glF51LRpcnuF
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan