njrat | 716b8087f68d13fe8ec877f3e76647e4ee793553fe88209b81ed18fb19cc4dae | Triage

Sharing

General

Target

716b8087f68d13fe8ec877f3e76647e4ee793553fe88209b81ed18fb19cc4dae.exe
Size

33KB
Sample

241123-d8wsqaxnbx
MD5

cbc3ba5ff5dce22c93e71c9553ed0305
SHA1

9281a46b14cfd914241344cfda34e254ea899555
SHA256

716b8087f68d13fe8ec877f3e76647e4ee793553fe88209b81ed18fb19cc4dae
SHA512

173760c827f02b9120281c39856933c99c61ab5c96f38c86407141e20d0265985864043c9cf25793b39949306fef37145d41db70037b9d31b354d5667b0bad24
SSDEEP

768:VvTxsrbTI3IOTTSylBJ4HjQ9lNaWM4trptIqLdDr:tUb7cBJ4DsaW5jtI2

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

rxlwee.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Targets

- Target
  
  716b8087f68d13fe8ec877f3e76647e4ee793553fe88209b81ed18fb19cc4dae.exe
- Size
  
  33KB
- MD5
  
  cbc3ba5ff5dce22c93e71c9553ed0305
- SHA1
  
  9281a46b14cfd914241344cfda34e254ea899555
- SHA256
  
  716b8087f68d13fe8ec877f3e76647e4ee793553fe88209b81ed18fb19cc4dae
- SHA512
  
  173760c827f02b9120281c39856933c99c61ab5c96f38c86407141e20d0265985864043c9cf25793b39949306fef37145d41db70037b9d31b354d5667b0bad24
- SSDEEP
  
  768:VvTxsrbTI3IOTTSylBJ4HjQ9lNaWM4trptIqLdDr:tUb7cBJ4DsaW5jtI2
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked evasionpersistenceprivilege_escalationtrojan

behavioral2

njrathacked evasionpersistenceprivilege_escalationtrojan