njrat | 335031654ecc1799c90f681ca309b9377d6be0a5561d457cc99ed73e839fbf8f | Triage

Sharing

General

Target

335031654ecc1799c90f681ca309b9377d6be0a5561d457cc99ed73e839fbf8fN
Size

3.4MB
Sample

241106-qn33hs1cjh
MD5

7519fab11e73a51ddd403bfc9008cff0
SHA1

b1b07a33d54859aaa1e2e6dbc22519051e07e6a9
SHA256

335031654ecc1799c90f681ca309b9377d6be0a5561d457cc99ed73e839fbf8f
SHA512

81bcc890db76771c0a685787da2660fe5f3117bb965c6ad6b3b6d651bcc22b12a9d415efadc918591eee1c3a59905e5479e7e785d94c35890f84122c01df7f1f
SSDEEP

98304:p8Fl84qUQhj3J2CBCoX05otUScs8QKkc7LkCvL:aS4q5jZ2K1WSHCvL

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

comments-interventions.gl.at.ply.gg:43880

Mutex

ebcc26f4de39924d996fb09d34793367

Attributes

reg_key
ebcc26f4de39924d996fb09d34793367
splitter
|'|'|

Targets

- Target
  
  335031654ecc1799c90f681ca309b9377d6be0a5561d457cc99ed73e839fbf8fN
- Size
  
  3.4MB
- MD5
  
  7519fab11e73a51ddd403bfc9008cff0
- SHA1
  
  b1b07a33d54859aaa1e2e6dbc22519051e07e6a9
- SHA256
  
  335031654ecc1799c90f681ca309b9377d6be0a5561d457cc99ed73e839fbf8f
- SHA512
  
  81bcc890db76771c0a685787da2660fe5f3117bb965c6ad6b3b6d651bcc22b12a9d415efadc918591eee1c3a59905e5479e7e785d94c35890f84122c01df7f1f
- SSDEEP
  
  98304:p8Fl84qUQhj3J2CBCoX05otUScs8QKkc7LkCvL:aS4q5jZ2K1WSHCvL
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation