njrat | 76ccca5e07e95af3bcd49eb6828c233c1153661910971c83faa39f8c9f96bb9f | Triage

Sharing

General

Target

76ccca5e07e95af3bcd49eb6828c233c1153661910971c83faa39f8c9f96bb9fN.exe
Size

1.7MB
Sample

241203-pk3f5svpbt
MD5

c2334bd0aa9099b8f78ce13c8dd3ca80
SHA1

3073f75428cffb8e3e4df4e415a9faec92e95ee9
SHA256

76ccca5e07e95af3bcd49eb6828c233c1153661910971c83faa39f8c9f96bb9f
SHA512

acbcddf835ba1ffb28b56420d17d6528799e03988bd321a87e1021e5df3d2efeeae6a106e23843dcba122997d7eb74939357b8e1f3079ea47c972a7f2cb46f45
SSDEEP

49152:95JYY7I66osv7LysFBAmsx0Rbt0FPTudD:pYYbrsCsFnH0F72D

Score

10^/10

njrat strangerjack discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

strangerjack

C2

127.0.0.1:6666

Mutex

11449a6d98419174eacab32de56c3d2c

Attributes

reg_key
11449a6d98419174eacab32de56c3d2c
splitter
|'|'|

Targets

- Target
  
  76ccca5e07e95af3bcd49eb6828c233c1153661910971c83faa39f8c9f96bb9fN.exe
- Size
  
  1.7MB
- MD5
  
  c2334bd0aa9099b8f78ce13c8dd3ca80
- SHA1
  
  3073f75428cffb8e3e4df4e415a9faec92e95ee9
- SHA256
  
  76ccca5e07e95af3bcd49eb6828c233c1153661910971c83faa39f8c9f96bb9f
- SHA512
  
  acbcddf835ba1ffb28b56420d17d6528799e03988bd321a87e1021e5df3d2efeeae6a106e23843dcba122997d7eb74939357b8e1f3079ea47c972a7f2cb46f45
- SSDEEP
  
  49152:95JYY7I66osv7LysFBAmsx0Rbt0FPTudD:pYYbrsCsFnH0F72D
Score

10^/10

njrat strangerjack discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratstrangerjackdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratstrangerjackdiscoveryevasionpersistenceprivilege_escalationtrojan