njrat | 5f8a46741126a6811e8b5c37e65625bd4e51915d7fc37a5f19f7a9814239c584 | Triage

Sharing

General

Target

5f8a46741126a6811e8b5c37e65625bd4e51915d7fc37a5f19f7a9814239c584.exe
Size

23KB
Sample

241204-3r5fzatjdl
MD5

66469a76dfd4d07f1f1bdd05f97aeb83
SHA1

4d55fafe75aee458891328d7a690e4eb45f78976
SHA256

5f8a46741126a6811e8b5c37e65625bd4e51915d7fc37a5f19f7a9814239c584
SHA512

7dd1c8ea268bb70a107bbb7053d16937fc74305ddb514b8466208de1060489712749575d28473ff05598501777168900c24d6f60c5830ceeee1dbf222e481d46
SSDEEP

384:TluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZg61z:8OmhtIiRpcnuf6z

Score

10^/10

njrat lammer discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

bielserver.duckdns.org:7778

Mutex

6c26bb082e8cb4ff278e1067d3256202

Attributes

reg_key
6c26bb082e8cb4ff278e1067d3256202
splitter
|'|'|

Targets

- Target
  
  5f8a46741126a6811e8b5c37e65625bd4e51915d7fc37a5f19f7a9814239c584.exe
- Size
  
  23KB
- MD5
  
  66469a76dfd4d07f1f1bdd05f97aeb83
- SHA1
  
  4d55fafe75aee458891328d7a690e4eb45f78976
- SHA256
  
  5f8a46741126a6811e8b5c37e65625bd4e51915d7fc37a5f19f7a9814239c584
- SHA512
  
  7dd1c8ea268bb70a107bbb7053d16937fc74305ddb514b8466208de1060489712749575d28473ff05598501777168900c24d6f60c5830ceeee1dbf222e481d46
- SSDEEP
  
  384:TluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZg61z:8OmhtIiRpcnuf6z
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan