njrat | b67ded535bc11168ed03a3e4cb68c67570f50c4eb3b84dcf9e971092c9c58a3f | Triage

Sharing

General

Target

8de3e75514da02111fa411f958145f31_JaffaCakes118
Size

750KB
Sample

241103-2ts1aawhke
MD5

8de3e75514da02111fa411f958145f31
SHA1

55bef280b943a8e662463ec72948864625ddc0e5
SHA256

b67ded535bc11168ed03a3e4cb68c67570f50c4eb3b84dcf9e971092c9c58a3f
SHA512

a5f3dc8669cd8435c33661d3b07737f554379e629ea3b0c5f792cb3dc7b64ce36758428bf1aaa82dce6466148d655ceea41926dcfb1f0e50d828efd38fafb92e
SSDEEP

6144:xOc8GN4wU4sY4WZOHLqw6/DtwGe4G6Evwoe+wiMbxKF:x3tNlU/f76Evwoe+wiMbUF

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

7bcd7b5746ffd42f7ab0ebb5d27607aa

Attributes

reg_key
7bcd7b5746ffd42f7ab0ebb5d27607aa
splitter
|'|'|

Targets

- Target
  
  8de3e75514da02111fa411f958145f31_JaffaCakes118
- Size
  
  750KB
- MD5
  
  8de3e75514da02111fa411f958145f31
- SHA1
  
  55bef280b943a8e662463ec72948864625ddc0e5
- SHA256
  
  b67ded535bc11168ed03a3e4cb68c67570f50c4eb3b84dcf9e971092c9c58a3f
- SHA512
  
  a5f3dc8669cd8435c33661d3b07737f554379e629ea3b0c5f792cb3dc7b64ce36758428bf1aaa82dce6466148d655ceea41926dcfb1f0e50d828efd38fafb92e
- SSDEEP
  
  6144:xOc8GN4wU4sY4WZOHLqw6/DtwGe4G6Evwoe+wiMbxKF:x3tNlU/f76Evwoe+wiMbUF
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan