njrat | 1410fa76c2dcabd3ca7b07e6896130dde15ba9f69ce35470e01e94c9187f7eb0 | Triage

Sharing

General

Target

1410fa76c2dcabd3ca7b07e6896130dde15ba9f69ce35470e01e94c9187f7eb0
Size

37KB
Sample

241028-yxx7matqbs
MD5

586bdf17a89399e35f52295c6cffde36
SHA1

5dc8a61210a1cf3de9334bee3badf31d5a21cf52
SHA256

1410fa76c2dcabd3ca7b07e6896130dde15ba9f69ce35470e01e94c9187f7eb0
SHA512

58e36a36ed0f32d511ff63aba1ed4441ac907a2cdf3e9607167dff7ed85079cbefe3446328bc92b7a5bb2d06fb22f85b35f8cc014bdb95927c7742c07e43f2af
SSDEEP

768:cMY2J0gThx1mHPtudiYrgwRHVZ2ZZxgU7XcWquNTlqoueVd9uPsEc:T7JLZGGiY8w12rxVR79Pj9uPsp

Score

10^/10

njrat mohib evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

mohib

C2

127.0.0.1:1978

Mutex

db87e501efb3fe970d1a4a7aa5744b5f

Attributes

reg_key
db87e501efb3fe970d1a4a7aa5744b5f
splitter
|'|'|

Targets

- Target
  
  1410fa76c2dcabd3ca7b07e6896130dde15ba9f69ce35470e01e94c9187f7eb0
- Size
  
  37KB
- MD5
  
  586bdf17a89399e35f52295c6cffde36
- SHA1
  
  5dc8a61210a1cf3de9334bee3badf31d5a21cf52
- SHA256
  
  1410fa76c2dcabd3ca7b07e6896130dde15ba9f69ce35470e01e94c9187f7eb0
- SHA512
  
  58e36a36ed0f32d511ff63aba1ed4441ac907a2cdf3e9607167dff7ed85079cbefe3446328bc92b7a5bb2d06fb22f85b35f8cc014bdb95927c7742c07e43f2af
- SSDEEP
  
  768:cMY2J0gThx1mHPtudiYrgwRHVZ2ZZxgU7XcWquNTlqoueVd9uPsEc:T7JLZGGiY8w12rxVR79Pj9uPsp
Score

10^/10

njrat mohib evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmohibevasionpersistenceprivilege_escalationtrojan

behavioral2

njratmohibevasionpersistenceprivilege_escalationtrojan