njrat | 88ec1a1189573981d407cbb781939a413097f249b746f0eba01576fb7961f099 | Triage

Sharing

General

Target

Lads beams v2.exe
Size

7.6MB
Sample

241116-jxlfha1qez
MD5

2c5d4639d934ec4ca3ecef06aec24c1d
SHA1

183218073c262d05a32bfdd4976a19de297b4d37
SHA256

88ec1a1189573981d407cbb781939a413097f249b746f0eba01576fb7961f099
SHA512

a8f0705e955ec0fd01a988b45504727c340f97cc79338ceb446f0b33869aac130759e92f790b05632ef7c786af3743f19b8ba55a1dc7c3684959937d8e40009e
SSDEEP

196608:khrPh9Gs3WVaCbpHMwg4q9QFzAZNbUHYFSsNez:QlEsGHpJg40QyZlCIDq

Score

10^/10

njrat hacked defense_evasion discovery evasion persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

147.185.221.16:36189

Mutex

58e766d3ca8017f8bd7d37d2b9bad0e2

Attributes

reg_key
58e766d3ca8017f8bd7d37d2b9bad0e2
splitter
|'|'|

Targets

- Target
  
  Lads beams v2.exe
- Size
  
  7.6MB
- MD5
  
  2c5d4639d934ec4ca3ecef06aec24c1d
- SHA1
  
  183218073c262d05a32bfdd4976a19de297b4d37
- SHA256
  
  88ec1a1189573981d407cbb781939a413097f249b746f0eba01576fb7961f099
- SHA512
  
  a8f0705e955ec0fd01a988b45504727c340f97cc79338ceb446f0b33869aac130759e92f790b05632ef7c786af3743f19b8ba55a1dc7c3684959937d8e40009e
- SSDEEP
  
  196608:khrPh9Gs3WVaCbpHMwg4q9QFzAZNbUHYFSsNez:QlEsGHpJg40QyZlCIDq
Score

10^/10

njrat hacked defense_evasion discovery evasion persistence privilege_escalation trojan upx
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoveryevasionpersistenceprivilege_escalationtrojanupx