njrat | 28fdca28192129132697fd2351bddf5262d195ca8213b2cd4214777f08ad088c | Triage

Sharing

General

Target

28fdca28192129132697fd2351bddf5262d195ca8213b2cd4214777f08ad088c.exe
Size

93KB
Sample

241121-l22dma1akd
MD5

082ed356940b12a76378f7b28ac59ee2
SHA1

03f85a2a4947a7c21b719b0a711a33bda85b3c27
SHA256

28fdca28192129132697fd2351bddf5262d195ca8213b2cd4214777f08ad088c
SHA512

72f5182ea437d66372c808045cf34868fc447aceaceb886a36b55b96cbc94a960ff1e3153f3961dad129c186e8440741ae4a96ac9298d7be5a6081a8332030a9
SSDEEP

768:LY3WgBBkpjTMpALPGMtsas88EtNXhe9f1mxCXxrjEtCdnl2pi1Rz4Rk3KsGdpSgr:zgjkVbPGHz88EbW1pjEwzGi1dDmDSgSA

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:7777

Mutex

f24666adf22d8a7ee39c578f56a54267

Attributes

reg_key
f24666adf22d8a7ee39c578f56a54267
splitter
|'|'|

Targets

- Target
  
  28fdca28192129132697fd2351bddf5262d195ca8213b2cd4214777f08ad088c.exe
- Size
  
  93KB
- MD5
  
  082ed356940b12a76378f7b28ac59ee2
- SHA1
  
  03f85a2a4947a7c21b719b0a711a33bda85b3c27
- SHA256
  
  28fdca28192129132697fd2351bddf5262d195ca8213b2cd4214777f08ad088c
- SHA512
  
  72f5182ea437d66372c808045cf34868fc447aceaceb886a36b55b96cbc94a960ff1e3153f3961dad129c186e8440741ae4a96ac9298d7be5a6081a8332030a9
- SSDEEP
  
  768:LY3WgBBkpjTMpALPGMtsas88EtNXhe9f1mxCXxrjEtCdnl2pi1Rz4Rk3KsGdpSgr:zgjkVbPGHz88EbW1pjEwzGi1dDmDSgSA
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation