njrat | 5449c68208969baea8135a628d27523edaad887b8f4757e29611d892881212af | Triage

Sharing

General

Target

Server.exe
Size

23KB
Sample

241116-jgd2gssdpf
MD5

1702a7d13a257d4d4421e07700980ab9
SHA1

6400de3b12e571415b2570b8ecbf44f9ad9be9be
SHA256

5449c68208969baea8135a628d27523edaad887b8f4757e29611d892881212af
SHA512

a3e11b0cec2b565923aec7a0d3d210ca6d6c4c6abf6c1308e9f7712824947081d036ee82bc405c59f34f39b7adbc86487a832ac378ac8520149ecc397a52ef41
SSDEEP

384:7sqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5DVmRvR6JZlbw8hqIusZzZxlNW:Qf65K2Yf1jKRpcnuUq

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

147.185.221.16:36189

Mutex

58e766d3ca8017f8bd7d37d2b9bad0e2

Attributes

reg_key
58e766d3ca8017f8bd7d37d2b9bad0e2
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  23KB
- MD5
  
  1702a7d13a257d4d4421e07700980ab9
- SHA1
  
  6400de3b12e571415b2570b8ecbf44f9ad9be9be
- SHA256
  
  5449c68208969baea8135a628d27523edaad887b8f4757e29611d892881212af
- SHA512
  
  a3e11b0cec2b565923aec7a0d3d210ca6d6c4c6abf6c1308e9f7712824947081d036ee82bc405c59f34f39b7adbc86487a832ac378ac8520149ecc397a52ef41
- SSDEEP
  
  384:7sqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5DVmRvR6JZlbw8hqIusZzZxlNW:Qf65K2Yf1jKRpcnuUq
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan