njrat | c4a53d553617754a4cd39cc3a0f66aa2d5302a549f7562b04774732231534366 | Triage

Sharing

General

Target

c4a53d553617754a4cd39cc3a0f66aa2d5302a549f7562b04774732231534366N
Size

23KB
Sample

241103-gdnqeawglh
MD5

ff2c4f921fab4f4900acb9c9fecb6ec0
SHA1

e385387ead5c0f7c626de00fb716dea1c6e8e9e3
SHA256

c4a53d553617754a4cd39cc3a0f66aa2d5302a549f7562b04774732231534366
SHA512

5a34cf6ad696b41e8b0d3d2272c214673ed5ed1aa0c6560793bcb4a2cc6646c8d8d419a557a7a4a46e2f2447568110b3cd9aaa36737d6061e6653ebbeee38e8e
SSDEEP

384:kslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZif:teEvwIlLMRpcnuH

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.1.5:5552

Mutex

7c2c57ac23031a96b734c5b4f1cc3f93

Attributes

reg_key
7c2c57ac23031a96b734c5b4f1cc3f93
splitter
|'|'|

Targets

- Target
  
  c4a53d553617754a4cd39cc3a0f66aa2d5302a549f7562b04774732231534366N
- Size
  
  23KB
- MD5
  
  ff2c4f921fab4f4900acb9c9fecb6ec0
- SHA1
  
  e385387ead5c0f7c626de00fb716dea1c6e8e9e3
- SHA256
  
  c4a53d553617754a4cd39cc3a0f66aa2d5302a549f7562b04774732231534366
- SHA512
  
  5a34cf6ad696b41e8b0d3d2272c214673ed5ed1aa0c6560793bcb4a2cc6646c8d8d419a557a7a4a46e2f2447568110b3cd9aaa36737d6061e6653ebbeee38e8e
- SSDEEP
  
  384:kslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZif:teEvwIlLMRpcnuH
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan