njrat | 8287887f1bf68c8328323d6d2ff0c28e94d43f5668c78dd33f2f0ca651c21338 | Triage

Sharing

General

Target

crack.exe
Size

7.9MB
Sample

241111-xcskzatejr
MD5

5c176f78c411c199ca2ec02c5b402810
SHA1

a268ccc95b620b1078602c6d6d3447ff3d8874ed
SHA256

8287887f1bf68c8328323d6d2ff0c28e94d43f5668c78dd33f2f0ca651c21338
SHA512

ae33004a339422c90f9ea52111804c323499b9cc516584cc54545245c6a8022d80c92ac206ba30dfa07acc932f8ab792164acd1eaff2670092c4a84fd1f88554
SSDEEP

196608:kivKUcQItzA1HeT39Iigwh1ncKOVVtk7KsUnijQFv4F:HDcvC1+TtIiFv0VQhgW/

Score

10^/10

njrat hacked defense_evasion evasion execution persistence privilege_escalation pyinstaller trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

7cpanel.hackcrack.io:46143

Mutex

Windows Explorer

Attributes

reg_key
Windows Explorer
splitter
|'|'|

Targets

- Target
  
  crack.exe
- Size
  
  7.9MB
- MD5
  
  5c176f78c411c199ca2ec02c5b402810
- SHA1
  
  a268ccc95b620b1078602c6d6d3447ff3d8874ed
- SHA256
  
  8287887f1bf68c8328323d6d2ff0c28e94d43f5668c78dd33f2f0ca651c21338
- SHA512
  
  ae33004a339422c90f9ea52111804c323499b9cc516584cc54545245c6a8022d80c92ac206ba30dfa07acc932f8ab792164acd1eaff2670092c4a84fd1f88554
- SSDEEP
  
  196608:kivKUcQItzA1HeT39Iigwh1ncKOVVtk7KsUnijQFv4F:HDcvC1+TtIiFv0VQhgW/
Score

10^/10

njrat hacked evasion persistence privilege_escalation pyinstaller trojan defense_evasion execution
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Hide Artifacts

Hidden Window

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationpyinstallertrojan

behavioral2

njrathackeddefense_evasionevasionexecutionpersistenceprivilege_escalationpyinstallertrojan