njrat | 8f4045c3361edc62e06bd54604a4386699d032d854713dec6948b2e9cc7cf8bc | Triage

Sharing

General

Target

8f4045c3361edc62e06bd54604a4386699d032d854713dec6948b2e9cc7cf8bc
Size

23KB
Sample

241122-caal6axqcq
MD5

d1f939cf0e73184cc55b1613f8f714d3
SHA1

6029e0e38bb55c8cecd5addbf2b97dd1b873a047
SHA256

8f4045c3361edc62e06bd54604a4386699d032d854713dec6948b2e9cc7cf8bc
SHA512

de4f17b6af6bf4f954e3e2c6ab397cd36a380d0fe8a9d9503bbded614827292f65093fb38d446a59244c658b34fb9bcc3a28e975ea3fe3f7a34397462d81bf71
SSDEEP

384:5cqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZ4G:q30py6vhxaRpcnuk

Score

10^/10

njrat teste discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

teste

C2

0.tcp.sa.ngrok.io:11048

Mutex

ed719d86ba27d032df6790b4103f925f

Attributes

reg_key
ed719d86ba27d032df6790b4103f925f
splitter
|'|'|

Targets

- Target
  
  8f4045c3361edc62e06bd54604a4386699d032d854713dec6948b2e9cc7cf8bc
- Size
  
  23KB
- MD5
  
  d1f939cf0e73184cc55b1613f8f714d3
- SHA1
  
  6029e0e38bb55c8cecd5addbf2b97dd1b873a047
- SHA256
  
  8f4045c3361edc62e06bd54604a4386699d032d854713dec6948b2e9cc7cf8bc
- SHA512
  
  de4f17b6af6bf4f954e3e2c6ab397cd36a380d0fe8a9d9503bbded614827292f65093fb38d446a59244c658b34fb9bcc3a28e975ea3fe3f7a34397462d81bf71
- SSDEEP
  
  384:5cqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZ4G:q30py6vhxaRpcnuk
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan