njrat | ba061d0daea0f5a226bb6d9b29d7a20245a7f88d939b67496f333056577a15dc | Triage

Sharing

General

Target

ba061d0daea0f5a226bb6d9b29d7a20245a7f88d939b67496f333056577a15dc.exe
Size

103KB
Sample

241124-d2ldeasjev
MD5

1f4de87fcf4efff331d265cf1fc34a11
SHA1

a8ac921aa829d9216258259c1fe9db4f442345b9
SHA256

ba061d0daea0f5a226bb6d9b29d7a20245a7f88d939b67496f333056577a15dc
SHA512

b6cdaa5fba1dcd71b7135051865f3c428753b98ba44afa229d8fa8015a8b961205fafb10214d71c9e55c32ccdea3a38af1c10ec002665ffb472bf9c95b7e9ab2
SSDEEP

1536:zu9ckBKj047HNs17gJEnRrRdy8KYmLQNojh+qoeWyHUiswADVXss25qB3bxVRsNB:2ckBKVmpBL9ms6A6TjBgPXrsb

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

oxy01.linkpc.net:1177

Mutex

08f4dc96bbb7af09d1a37fe35c75a42f

Attributes

reg_key
08f4dc96bbb7af09d1a37fe35c75a42f
splitter
|'|'|

Targets

- Target
  
  ba061d0daea0f5a226bb6d9b29d7a20245a7f88d939b67496f333056577a15dc.exe
- Size
  
  103KB
- MD5
  
  1f4de87fcf4efff331d265cf1fc34a11
- SHA1
  
  a8ac921aa829d9216258259c1fe9db4f442345b9
- SHA256
  
  ba061d0daea0f5a226bb6d9b29d7a20245a7f88d939b67496f333056577a15dc
- SHA512
  
  b6cdaa5fba1dcd71b7135051865f3c428753b98ba44afa229d8fa8015a8b961205fafb10214d71c9e55c32ccdea3a38af1c10ec002665ffb472bf9c95b7e9ab2
- SSDEEP
  
  1536:zu9ckBKj047HNs17gJEnRrRdy8KYmLQNojh+qoeWyHUiswADVXss25qB3bxVRsNB:2ckBKVmpBL9ms6A6TjBgPXrsb
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan