njrat | f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355 | Triage

Sharing

General

Target

f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
Size

23KB
Sample

241128-a971layjbt
MD5

2697c90051b724a80526c5b8b47e5df4
SHA1

749d44fe2640504f15e9bf7b697f1017c8c2637d
SHA256

f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
SHA512

d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b
SSDEEP

384:V8aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZDU:G589tXvRpcnuj

Score

10^/10

njrat mohib discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

mohib

C2

mohibkal.publicvm.com:1978

Mutex

c14a42d030a82215ba6bc24288fc11a4

Attributes

reg_key
c14a42d030a82215ba6bc24288fc11a4
splitter
|'|'|

Targets

- Target
  
  f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
- Size
  
  23KB
- MD5
  
  2697c90051b724a80526c5b8b47e5df4
- SHA1
  
  749d44fe2640504f15e9bf7b697f1017c8c2637d
- SHA256
  
  f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
- SHA512
  
  d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b
- SSDEEP
  
  384:V8aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZDU:G589tXvRpcnuj
Score

10^/10

njrat mohib discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmohibdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan