njrat | be4b529ab79a6cd79946fdf53e495acb03e1929f07d6fd3f5ff91d2d4e03ffd8 | Triage

Sharing

General

Target

c16c138db72790c64dad77b1ef3b1341_JaffaCakes118
Size

119KB
Sample

241204-h2bw7axlaz
MD5

c16c138db72790c64dad77b1ef3b1341
SHA1

8ca360700869fca0cf05e076b81ca7b32c301541
SHA256

be4b529ab79a6cd79946fdf53e495acb03e1929f07d6fd3f5ff91d2d4e03ffd8
SHA512

1af56e6fae714923e393641a1a8608535eacaa7de5e186ca2af96110aba105fc806bd10d81a26afcb4a38a51acc415924aeca5d54f1dde0f7e9263ed85a605fe
SSDEEP

3072:p16XRzvqyJ8oFs9/MQgKg0UGiGrhg12Q:PgzO

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

kali111.ddns.net:5555

Mutex

1e682996562289015619f35a0606076d

Attributes

reg_key
1e682996562289015619f35a0606076d
splitter
|'|'|

Targets

- Target
  
  c16c138db72790c64dad77b1ef3b1341_JaffaCakes118
- Size
  
  119KB
- MD5
  
  c16c138db72790c64dad77b1ef3b1341
- SHA1
  
  8ca360700869fca0cf05e076b81ca7b32c301541
- SHA256
  
  be4b529ab79a6cd79946fdf53e495acb03e1929f07d6fd3f5ff91d2d4e03ffd8
- SHA512
  
  1af56e6fae714923e393641a1a8608535eacaa7de5e186ca2af96110aba105fc806bd10d81a26afcb4a38a51acc415924aeca5d54f1dde0f7e9263ed85a605fe
- SSDEEP
  
  3072:p16XRzvqyJ8oFs9/MQgKg0UGiGrhg12Q:PgzO
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan