njrat | 242c6c990e0db9483bd662f4d2bbf21f088701d53dc2fca2e9715cba06467863 | Triage

Sharing

General

Target

242c6c990e0db9483bd662f4d2bbf21f088701d53dc2fca2e9715cba06467863N
Size

65KB
Sample

241109-2m7j4atfnl
MD5

688b199d022be55295285a08630bb720
SHA1

5c9c00f67bc21e4fdb9be6394da97cb3a36cdbf3
SHA256

242c6c990e0db9483bd662f4d2bbf21f088701d53dc2fca2e9715cba06467863
SHA512

2553f34438789101d99b0e1e45032974e377db1b1e68c48f6a9b1ebee11145169565a46d55f1ff298c1f9882b735ca2d4c4983ca541c130da4ab47f0fd5e75f2
SSDEEP

1536:o3kmlSKYwpqiiJugU/cqaQ1RWn8hlzzRuFfxZEWQ8OGtdSoAAE:o0mlSKbpqXstapo5R6gPsXfE

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

26.108.208.153:4312

Mutex

ef2fbd46be0f01f9a88a35d1c2f4b0c1

Attributes

reg_key
ef2fbd46be0f01f9a88a35d1c2f4b0c1
splitter
|'|'|

Targets

- Target
  
  242c6c990e0db9483bd662f4d2bbf21f088701d53dc2fca2e9715cba06467863N
- Size
  
  65KB
- MD5
  
  688b199d022be55295285a08630bb720
- SHA1
  
  5c9c00f67bc21e4fdb9be6394da97cb3a36cdbf3
- SHA256
  
  242c6c990e0db9483bd662f4d2bbf21f088701d53dc2fca2e9715cba06467863
- SHA512
  
  2553f34438789101d99b0e1e45032974e377db1b1e68c48f6a9b1ebee11145169565a46d55f1ff298c1f9882b735ca2d4c4983ca541c130da4ab47f0fd5e75f2
- SSDEEP
  
  1536:o3kmlSKYwpqiiJugU/cqaQ1RWn8hlzzRuFfxZEWQ8OGtdSoAAE:o0mlSKbpqXstapo5R6gPsXfE
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation