njrat | eac47d5ddb85eb6641368fb0341b70cc20e3fdcffd85da98ecb3215b27ce004f | Triage

Sharing

General

Target

eac47d5ddb85eb6641368fb0341b70cc20e3fdcffd85da98ecb3215b27ce004f.exe
Size

33KB
Sample

241123-vzydmaymbz
MD5

14e366c026b4e7fe1802007963212ba3
SHA1

bcc6f4cf201ea3a91b7030fd5d5d40f7c892628a
SHA256

eac47d5ddb85eb6641368fb0341b70cc20e3fdcffd85da98ecb3215b27ce004f
SHA512

2eb837fca06697d0c16fba5c6a993b4301e1c68d66e50556704d19c1b213a5d9bbd4fc9f954a348bfbd182cb0ccf60a52e19913dbe06b6f645c3c9119ee8f5ef
SSDEEP

768:kXzX7bUw2C/o26qupedBKh0p29SgRK1JF:iz7b2f/+KhG29jK1JF

Score

10^/10

njrat west-k.s.a @evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

WeSt-K.S.A @

C2

127.0.0.1:5551

Mutex

0f436963af986f0915e6f175d79d7302

Attributes

reg_key
0f436963af986f0915e6f175d79d7302
splitter
|'|'|

Targets

- Target
  
  eac47d5ddb85eb6641368fb0341b70cc20e3fdcffd85da98ecb3215b27ce004f.exe
- Size
  
  33KB
- MD5
  
  14e366c026b4e7fe1802007963212ba3
- SHA1
  
  bcc6f4cf201ea3a91b7030fd5d5d40f7c892628a
- SHA256
  
  eac47d5ddb85eb6641368fb0341b70cc20e3fdcffd85da98ecb3215b27ce004f
- SHA512
  
  2eb837fca06697d0c16fba5c6a993b4301e1c68d66e50556704d19c1b213a5d9bbd4fc9f954a348bfbd182cb0ccf60a52e19913dbe06b6f645c3c9119ee8f5ef
- SSDEEP
  
  768:kXzX7bUw2C/o26qupedBKh0p29SgRK1JF:iz7b2f/+KhG29jK1JF
Score

10^/10

njrat west-k.s.a @evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratwest-k.s.a @evasionpersistenceprivilege_escalationtrojan

behavioral2

njratwest-k.s.a @evasionpersistenceprivilege_escalationtrojan