njrat | 7afbab4dbc0296d849e6d1436377ece67d887dcaad96a364659f07d13cb8d1aa | Triage

Sharing

General

Target

7afbab4dbc0296d849e6d1436377ece67d887dcaad96a364659f07d13cb8d1aaN
Size

1.1MB
Sample

241108-jdpc2sycjc
MD5

31b7afde2580800384c2b296a8c75cf0
SHA1

b701fa73bb8cea5df5039cc716b5c71f0a6ee398
SHA256

7afbab4dbc0296d849e6d1436377ece67d887dcaad96a364659f07d13cb8d1aa
SHA512

832adb6d32ec5c9c55340c86bc0bd2a051f845a810e1f245ab06de5073284eb67478b7e7b628607bbb48bf5397cf91d87687570db6d72d35b45edf2e45df0b6a
SSDEEP

24576:7r2f/NRiXPAtK2spGtZN3S56QDAUR3WTtwb:7r4/6XD2spKZN3S51DH

Score

10^/10

njrat mdak evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MDAK

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

d79a7bbe5ad7316f83f8657ce4d4b26d

Attributes

reg_key
d79a7bbe5ad7316f83f8657ce4d4b26d
splitter
|'|'|

Targets

- Target
  
  7afbab4dbc0296d849e6d1436377ece67d887dcaad96a364659f07d13cb8d1aaN
- Size
  
  1.1MB
- MD5
  
  31b7afde2580800384c2b296a8c75cf0
- SHA1
  
  b701fa73bb8cea5df5039cc716b5c71f0a6ee398
- SHA256
  
  7afbab4dbc0296d849e6d1436377ece67d887dcaad96a364659f07d13cb8d1aa
- SHA512
  
  832adb6d32ec5c9c55340c86bc0bd2a051f845a810e1f245ab06de5073284eb67478b7e7b628607bbb48bf5397cf91d87687570db6d72d35b45edf2e45df0b6a
- SSDEEP
  
  24576:7r2f/NRiXPAtK2spGtZN3S56QDAUR3WTtwb:7r4/6XD2spKZN3S51DH
Score

10^/10

njrat mdak evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Drops startup file
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmdakevasionpersistenceprivilege_escalationtrojan

behavioral2

njratmdakevasionpersistenceprivilege_escalationtrojan