njrat | 36a5c20b333ff27185cf9e555daefd2055c18246a92dc44bd75a30b73e70aa49 | Triage

Sharing

General

Target

36a5c20b333ff27185cf9e555daefd2055c18246a92dc44bd75a30b73e70aa49N.exe
Size

524KB
Sample

241204-292x5askeq
MD5

ebe1803f8f2b4be01f91000214e71260
SHA1

53669e850f9d5a93739f9dffd1719ab88951094d
SHA256

36a5c20b333ff27185cf9e555daefd2055c18246a92dc44bd75a30b73e70aa49
SHA512

dfac3f34ec42be279d6a6249bc653a024cd3a5c2a8ebbd5dea1ef22b28b91e312d87c7bbb514d50e1e1ecd29a199b4218f3b4b22a18d124d24006de21dc139b7
SSDEEP

6144:vBjKtt8sieagnL5eVhPVm+hNr+FT56xnTWyl4BK7RBm26jyzaJ/34B26CX2//GK4:vd2t8QagVeLPVlhNq156lIEg6ZCX2//

Score

10^/10

njrat evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  36a5c20b333ff27185cf9e555daefd2055c18246a92dc44bd75a30b73e70aa49N.exe
- Size
  
  524KB
- MD5
  
  ebe1803f8f2b4be01f91000214e71260
- SHA1
  
  53669e850f9d5a93739f9dffd1719ab88951094d
- SHA256
  
  36a5c20b333ff27185cf9e555daefd2055c18246a92dc44bd75a30b73e70aa49
- SHA512
  
  dfac3f34ec42be279d6a6249bc653a024cd3a5c2a8ebbd5dea1ef22b28b91e312d87c7bbb514d50e1e1ecd29a199b4218f3b4b22a18d124d24006de21dc139b7
- SSDEEP
  
  6144:vBjKtt8sieagnL5eVhPVm+hNr+FT56xnTWyl4BK7RBm26jyzaJ/34B26CX2//GK4:vd2t8QagVeLPVlhNq156lIEg6ZCX2//
Score

10^/10

njrat evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistenceprivilege_escalationtrojan

behavioral2

njratevasionpersistenceprivilege_escalationtrojan