njrat | 2b3390ab9e97638e5bf4a5131a2eb0cfa6e7cef1e972ed7e70e49b7f2062127c | Triage

Sharing

General

Target

9fc0d93c921dd82776e4e46e0bc906eb_JaffaCakes118
Size

234KB
Sample

241126-etfnmazraq
MD5

9fc0d93c921dd82776e4e46e0bc906eb
SHA1

4e97904dca108d23aaa9e40b8610b0bedc64995c
SHA256

2b3390ab9e97638e5bf4a5131a2eb0cfa6e7cef1e972ed7e70e49b7f2062127c
SHA512

6f623ce4cfe12373286b31fc76c33fc3cf92b6c34fa51d2c2464b6774e475dd198e35b2a7c0fff61f47a8094cd78b1e76e2120674b5657f07c175155dd060e08
SSDEEP

6144:8QCk112GhNuqi7mnUjtO6u4OKA7oF/umnQehHf:Z/2iNUj062KAc/umnQ2f

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

zohirsenia.ddns.net:1992

Mutex

e6bd6ea3a1a773d8faedd50a09ddc74f

Attributes

reg_key
e6bd6ea3a1a773d8faedd50a09ddc74f
splitter
|'|'|

Targets

- Target
  
  9fc0d93c921dd82776e4e46e0bc906eb_JaffaCakes118
- Size
  
  234KB
- MD5
  
  9fc0d93c921dd82776e4e46e0bc906eb
- SHA1
  
  4e97904dca108d23aaa9e40b8610b0bedc64995c
- SHA256
  
  2b3390ab9e97638e5bf4a5131a2eb0cfa6e7cef1e972ed7e70e49b7f2062127c
- SHA512
  
  6f623ce4cfe12373286b31fc76c33fc3cf92b6c34fa51d2c2464b6774e475dd198e35b2a7c0fff61f47a8094cd78b1e76e2120674b5657f07c175155dd060e08
- SSDEEP
  
  6144:8QCk112GhNuqi7mnUjtO6u4OKA7oF/umnQehHf:Z/2iNUj062KAc/umnQ2f
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2