njrat | e5bc0b1ea99391015f0199473250774663e13e5749bed3ed4f0205ffb94ea474 | Triage

Sharing

General

Target

e5bc0b1ea99391015f0199473250774663e13e5749bed3ed4f0205ffb94ea474
Size

423KB
Sample

241106-ezdq8avgjn
MD5

3d13e23fbf55b900900c939862fc0048
SHA1

7cd85cba33cb654c31b9103cea941e70271c9c68
SHA256

e5bc0b1ea99391015f0199473250774663e13e5749bed3ed4f0205ffb94ea474
SHA512

b5fb18102a89145b67460b69c5f647ce78adaae37542b7f2c15f6a606c898101730487c0ffe2ba1525114e4bcbcc88d599cb894539239da38968964a2481cc64
SSDEEP

12288:fTyY67zIjG4Kf7JiI7BKjkLOOkRE0XLWMJut:f87zIjH4iOBokKOkDZJut

Score

10^/10

njrat moh discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Moh

C2

diga.myftp.org:1194

Mutex

96df218067aa38f2987ac5ab00b8da99

Attributes

reg_key
96df218067aa38f2987ac5ab00b8da99
splitter
|'|'|

Targets

- Target
  
  e5bc0b1ea99391015f0199473250774663e13e5749bed3ed4f0205ffb94ea474
- Size
  
  423KB
- MD5
  
  3d13e23fbf55b900900c939862fc0048
- SHA1
  
  7cd85cba33cb654c31b9103cea941e70271c9c68
- SHA256
  
  e5bc0b1ea99391015f0199473250774663e13e5749bed3ed4f0205ffb94ea474
- SHA512
  
  b5fb18102a89145b67460b69c5f647ce78adaae37542b7f2c15f6a606c898101730487c0ffe2ba1525114e4bcbcc88d599cb894539239da38968964a2481cc64
- SSDEEP
  
  12288:fTyY67zIjG4Kf7JiI7BKjkLOOkRE0XLWMJut:f87zIjH4iOBokKOkDZJut
Score

10^/10

njrat moh discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmohdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation