njrat | c84613e448763706501695c1a2c3736045af7d002f9bde59f9eb5a400d46e129 | Triage

Sharing

General

Target

Server.exe
Size

23KB
Sample

241126-d3sh4sslaz
MD5

4206d7b8ea17ff84d4d17be8af877a6f
SHA1

5a5e85b13fc90453a036a141fb84b59da7fc9840
SHA256

c84613e448763706501695c1a2c3736045af7d002f9bde59f9eb5a400d46e129
SHA512

9b31b7ac1a6fca36166c9c99c356ce3e11c96fffa3845d0c606d656df4c5b7c753c75c98a1fdaafaf44c490be1468df1cf3d6433bc4667b7d163cfbc60629d65
SSDEEP

384:bqMKyOkBkRbohza8yuTUt7u06lgV4a5pzomRvR6JZlbw8hqIusZzZ3ch:J/YI1TaRpcnuT

Score

10^/10

njrat hacked discovery evasion persistence phishing privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.1.104:963

Mutex

b52a6ed9bed03eed645027382a5fbe88

Attributes

reg_key
b52a6ed9bed03eed645027382a5fbe88
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  23KB
- MD5
  
  4206d7b8ea17ff84d4d17be8af877a6f
- SHA1
  
  5a5e85b13fc90453a036a141fb84b59da7fc9840
- SHA256
  
  c84613e448763706501695c1a2c3736045af7d002f9bde59f9eb5a400d46e129
- SHA512
  
  9b31b7ac1a6fca36166c9c99c356ce3e11c96fffa3845d0c606d656df4c5b7c753c75c98a1fdaafaf44c490be1468df1cf3d6433bc4667b7d163cfbc60629d65
- SSDEEP
  
  384:bqMKyOkBkRbohza8yuTUt7u06lgV4a5pzomRvR6JZlbw8hqIusZzZ3ch:J/YI1TaRpcnuT
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan phishing
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- A potential corporate email address has been identified in the URL: PNR#bFjQRa#pw@qWSyvf
  phishing
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistencephishingprivilege_escalationtrojan