njrat | e4b20471a3ca12482ad82b2184f77b89255a995c3f8c261cece95569f98b4b4e | Triage

Sharing

General

Target

e4b20471a3ca12482ad82b2184f77b89255a995c3f8c261cece95569f98b4b4eN
Size

31KB
Sample

241022-mbebvasbnk
MD5

e53a8abeff6c3d1aa8b45ffad8e3ae80
SHA1

7951c4cf268b0ce94e65c9e92e20ce7cca8dce23
SHA256

e4b20471a3ca12482ad82b2184f77b89255a995c3f8c261cece95569f98b4b4e
SHA512

88be265323a864608270788beb979a33331beab4653a90a0c8b386d24bdc8958f32c66666a498d2a908d1bbfd70bab0f30212df4689d602b6e93cc4e2a3e39ed
SSDEEP

768:WAmqJf1Ll58zx36D14Vg3F5Vv6rQmIDUu0tikuj:D/9qXKP0QVkCj

Score

10^/10

njrat hhh discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

hhh

C2

zeedx.myftp.org:4899

Mutex

82fd4c6b8b02f141a05d2f9270a8e685

Attributes

reg_key
82fd4c6b8b02f141a05d2f9270a8e685
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  e4b20471a3ca12482ad82b2184f77b89255a995c3f8c261cece95569f98b4b4eN
- Size
  
  31KB
- MD5
  
  e53a8abeff6c3d1aa8b45ffad8e3ae80
- SHA1
  
  7951c4cf268b0ce94e65c9e92e20ce7cca8dce23
- SHA256
  
  e4b20471a3ca12482ad82b2184f77b89255a995c3f8c261cece95569f98b4b4e
- SHA512
  
  88be265323a864608270788beb979a33331beab4653a90a0c8b386d24bdc8958f32c66666a498d2a908d1bbfd70bab0f30212df4689d602b6e93cc4e2a3e39ed
- SSDEEP
  
  768:WAmqJf1Ll58zx36D14Vg3F5Vv6rQmIDUu0tikuj:D/9qXKP0QVkCj
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan