njrat | 34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560 | Triage

Sharing

General

Target

34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560.exe
Size

95KB
Sample

241123-qwjnvaskcq
MD5

28cfadb2dc13d3274d30e5117757420f
SHA1

1364505c347631d3b33b36c9f6497abff3d35f2e
SHA256

34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560
SHA512

435bab82617962e03442de4b1c65af8291c3e633703670abaf6ad379e989c34724318f7fc12f4354b9557a82b06f86fc66f16a53b96dfc8b154f6f15aa3e491b
SSDEEP

1536:8+ZQMGdeUwljEoKayOxdcJx7OXMHwhkVfjobkZKQ5x1AkSpoHHNLHieBbq:8+ZQMtU9Jx7OXMHwhkVfjobkZKQ5x1Du

Score

10^/10

njrat scammer discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

scammer

C2

oxy01.linkpc.net:1177

Mutex

08f4dc96bbb7af09d1a37fe35c75a42f

Attributes

reg_key
08f4dc96bbb7af09d1a37fe35c75a42f
splitter
|'|'|

Targets

- Target
  
  34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560.exe
- Size
  
  95KB
- MD5
  
  28cfadb2dc13d3274d30e5117757420f
- SHA1
  
  1364505c347631d3b33b36c9f6497abff3d35f2e
- SHA256
  
  34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560
- SHA512
  
  435bab82617962e03442de4b1c65af8291c3e633703670abaf6ad379e989c34724318f7fc12f4354b9557a82b06f86fc66f16a53b96dfc8b154f6f15aa3e491b
- SSDEEP
  
  1536:8+ZQMGdeUwljEoKayOxdcJx7OXMHwhkVfjobkZKQ5x1AkSpoHHNLHieBbq:8+ZQMtU9Jx7OXMHwhkVfjobkZKQ5x1Du
Score

10^/10

njrat scammer discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratscammerdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratscammerdiscoveryevasionpersistenceprivilege_escalationtrojan