njrat | 4e9e0a6041a348e713a6b919cb7f2e0754dd22cb046e1b1ef0e222543038e9ab | Triage

Sharing

General

Target

Server.exe
Size

23KB
Sample

241202-sm18msyrev
MD5

eec3e4c86729b800330a8b0312478e58
SHA1

93110b4284258f34d73a14c329623be1f1cffb9c
SHA256

4e9e0a6041a348e713a6b919cb7f2e0754dd22cb046e1b1ef0e222543038e9ab
SHA512

e0cf6aa0110de1eed199ed0c63c5622067f20347ed66a12fb8933b92935699687ecc690ca2d7146a6ceee3f0431563d53c4d988a40dfa8ea29adde5ea5a52a25
SSDEEP

384:qYmdk8XvCJrQLdRGSiEYo7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZy3ly:9wWkti8aeRpcnuL0

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

cnet-contracting.gl.at.ply.gg:10206

Mutex

cf2a6cabb60ab913a0c3e3caa2c47947

Attributes

reg_key
cf2a6cabb60ab913a0c3e3caa2c47947
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  23KB
- MD5
  
  eec3e4c86729b800330a8b0312478e58
- SHA1
  
  93110b4284258f34d73a14c329623be1f1cffb9c
- SHA256
  
  4e9e0a6041a348e713a6b919cb7f2e0754dd22cb046e1b1ef0e222543038e9ab
- SHA512
  
  e0cf6aa0110de1eed199ed0c63c5622067f20347ed66a12fb8933b92935699687ecc690ca2d7146a6ceee3f0431563d53c4d988a40dfa8ea29adde5ea5a52a25
- SSDEEP
  
  384:qYmdk8XvCJrQLdRGSiEYo7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZy3ly:9wWkti8aeRpcnuL0
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan