njrat | 39e8ba6f38d52bb24f88ebcbfbca1789535664226b71dfaae2e3571c5aea08c0 | Triage

Sharing

General

Target

39e8ba6f38d52bb24f88ebcbfbca1789535664226b71dfaae2e3571c5aea08c0.exe
Size

75KB
Sample

241203-r9nemazlbz
MD5

22ce647526270fdbd18e1e4e603482f3
SHA1

1564549571731bbae399933b8e5d59525bd44ffd
SHA256

39e8ba6f38d52bb24f88ebcbfbca1789535664226b71dfaae2e3571c5aea08c0
SHA512

24c8e1b7031dacc87abcfb8cc16f2fd8e1ef3b86661e4200b87fb395db1d797babbd4163a09d2507f00baf81f0ad188d3c153361136853b840bc75912fa9cfe0
SSDEEP

1536:zd/KqwpacXtNYjonQekfnBTIVXFyeOkTMO8hzGXZ5ZF:zdrEBdNYjo/kiVgk4ThSHZF

Score

10^/10

njrat تــــــــــــــــلغيم الســـــــــــــــــــــــــ evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

تــــــــــــــــلغيم الســـــــــــــــــــــــــيد آسسسسسد الديـــــراني ...

C2

army.ddns.net:1180

Mutex

322327d13a2d77e5f8392bd8b7d06a37

Attributes

reg_key
322327d13a2d77e5f8392bd8b7d06a37
splitter
|'|'|

Targets

- Target
  
  39e8ba6f38d52bb24f88ebcbfbca1789535664226b71dfaae2e3571c5aea08c0.exe
- Size
  
  75KB
- MD5
  
  22ce647526270fdbd18e1e4e603482f3
- SHA1
  
  1564549571731bbae399933b8e5d59525bd44ffd
- SHA256
  
  39e8ba6f38d52bb24f88ebcbfbca1789535664226b71dfaae2e3571c5aea08c0
- SHA512
  
  24c8e1b7031dacc87abcfb8cc16f2fd8e1ef3b86661e4200b87fb395db1d797babbd4163a09d2507f00baf81f0ad188d3c153361136853b840bc75912fa9cfe0
- SSDEEP
  
  1536:zd/KqwpacXtNYjonQekfnBTIVXFyeOkTMO8hzGXZ5ZF:zdrEBdNYjo/kiVgk4ThSHZF
Score

10^/10

njrat تــــــــــــــــلغيم الســـــــــــــــــــــــــ evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratتــــــــــــــــلغيم الســـــــــــــــــــــــــevasionpersistenceprivilege_escalationtrojan

behavioral2

njratتــــــــــــــــلغيم الســـــــــــــــــــــــــevasionpersistenceprivilege_escalationtrojan