njrat | 129508fb80394f809422ce111d6f0585a0f3cb19f4cb241ff0280dad9c735816 | Triage

Sharing

General

Target

129508fb80394f809422ce111d6f0585a0f3cb19f4cb241ff0280dad9c735816N.exe
Size

75KB
Sample

241202-d8js6axqat
MD5

ef44fbf9d732ad3453c55f0c0cdcec80
SHA1

7c5d0eb828dc89d4388051e256e286f36976c6f0
SHA256

129508fb80394f809422ce111d6f0585a0f3cb19f4cb241ff0280dad9c735816
SHA512

f3be7bcf0e21d774db18e27da4d2bf40886803435269bfa7a317513624d3ef0fcc7c665e053b2aa2c74e5b4f4e14264baf56d761a688ff8ce35af333699ba2f2
SSDEEP

1536:zd/KqwpacXtNYjonQekfnBTIVXFyeOkTMO8hzGXZ5Z:zdrEBdNYjo/kiVgk4ThSHZ

Score

10^/10

njrat تــــــــــــــــلغيم الســـــــــــــــــــــــــ evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

تــــــــــــــــلغيم الســـــــــــــــــــــــــيد آسسسسسد الديـــــراني ...

C2

army.ddns.net:1180

Mutex

322327d13a2d77e5f8392bd8b7d06a37

Attributes

reg_key
322327d13a2d77e5f8392bd8b7d06a37
splitter
|'|'|

Targets

- Target
  
  129508fb80394f809422ce111d6f0585a0f3cb19f4cb241ff0280dad9c735816N.exe
- Size
  
  75KB
- MD5
  
  ef44fbf9d732ad3453c55f0c0cdcec80
- SHA1
  
  7c5d0eb828dc89d4388051e256e286f36976c6f0
- SHA256
  
  129508fb80394f809422ce111d6f0585a0f3cb19f4cb241ff0280dad9c735816
- SHA512
  
  f3be7bcf0e21d774db18e27da4d2bf40886803435269bfa7a317513624d3ef0fcc7c665e053b2aa2c74e5b4f4e14264baf56d761a688ff8ce35af333699ba2f2
- SSDEEP
  
  1536:zd/KqwpacXtNYjonQekfnBTIVXFyeOkTMO8hzGXZ5Z:zdrEBdNYjo/kiVgk4ThSHZ
Score

10^/10

njrat تــــــــــــــــلغيم الســـــــــــــــــــــــــ evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratتــــــــــــــــلغيم الســـــــــــــــــــــــــevasionpersistenceprivilege_escalationtrojan

behavioral2

njratتــــــــــــــــلغيم الســـــــــــــــــــــــــevasionpersistenceprivilege_escalationtrojan