njrat | 1bf328416c90441cfbd32c37acb0628235abcfc58a9513e44ae5a65b7a5dd572 | Triage

Sharing

General

Target

1bf328416c90441cfbd32c37acb0628235abcfc58a9513e44ae5a65b7a5dd572.exe
Size

23KB
Sample

241204-1j69gsylal
MD5

77e598446339dd71842fc4e815e08657
SHA1

d3cafa3ad4fffa97f9c41f7e05385e57a6bd053c
SHA256

1bf328416c90441cfbd32c37acb0628235abcfc58a9513e44ae5a65b7a5dd572
SHA512

e9be715c9eaa1c52c6cd83031a5e58e90ed28acc8b2f06d88dcd10af28942d098e9e783e4f697ea87508099ae7578d06f1cf7b1dd06cffd7b3b27ba1ecae095c
SSDEEP

384:9luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZg67b:SOmhtIiRpcnuf0b

Score

10^/10

njrat lammer discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

bielserver.duckdns.org:7778

Mutex

6c26bb082e8cb4ff278e1067d3256202

Attributes

reg_key
6c26bb082e8cb4ff278e1067d3256202
splitter
|'|'|

Targets

- Target
  
  1bf328416c90441cfbd32c37acb0628235abcfc58a9513e44ae5a65b7a5dd572.exe
- Size
  
  23KB
- MD5
  
  77e598446339dd71842fc4e815e08657
- SHA1
  
  d3cafa3ad4fffa97f9c41f7e05385e57a6bd053c
- SHA256
  
  1bf328416c90441cfbd32c37acb0628235abcfc58a9513e44ae5a65b7a5dd572
- SHA512
  
  e9be715c9eaa1c52c6cd83031a5e58e90ed28acc8b2f06d88dcd10af28942d098e9e783e4f697ea87508099ae7578d06f1cf7b1dd06cffd7b3b27ba1ecae095c
- SSDEEP
  
  384:9luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZg67b:SOmhtIiRpcnuf0b
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan