njrat | a16a68d2299311841391fcbe1437b28b7380af5d38f9b3a4893c0e9b42734a09 | Triage

Sharing

General

Target

svClienta.exe
Size

93KB
Sample

241119-enb39azdmf
MD5

bc34c0b11293cdfc0a863882711c20ad
SHA1

4dd697ae2aea7a84ca121f0653cb2772d3ef63e6
SHA256

a16a68d2299311841391fcbe1437b28b7380af5d38f9b3a4893c0e9b42734a09
SHA512

743c14f978996cff8374ccea1352fa19c1707306df101896dd3ccd2d5b88dbe985f3be43597246768bbd7dabcd9dbbe815bb82fc14d3379aa9f96c143a013980
SSDEEP

1536:hxaw0gMX6BbNrnYsS7JjEwzGi1dDqD7gS:hxwX6BbNrlS7Gi1dU0

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

maximum-blame.gl.at.ply.gg:61297

Mutex

6e5aa09e9ccce5c567086a02eb08282e

Attributes

reg_key
6e5aa09e9ccce5c567086a02eb08282e
splitter
|'|'|

Targets

- Target
  
  svClienta.exe
- Size
  
  93KB
- MD5
  
  bc34c0b11293cdfc0a863882711c20ad
- SHA1
  
  4dd697ae2aea7a84ca121f0653cb2772d3ef63e6
- SHA256
  
  a16a68d2299311841391fcbe1437b28b7380af5d38f9b3a4893c0e9b42734a09
- SHA512
  
  743c14f978996cff8374ccea1352fa19c1707306df101896dd3ccd2d5b88dbe985f3be43597246768bbd7dabcd9dbbe815bb82fc14d3379aa9f96c143a013980
- SSDEEP
  
  1536:hxaw0gMX6BbNrnYsS7JjEwzGi1dDqD7gS:hxwX6BbNrlS7Gi1dU0
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan