njrat | bf1c69aba40885eb0054d51112e1afeeb44097f9127089f4ba80aa8d2091dab8 | Triage

Sharing

General

Target

bf1c69aba40885eb0054d51112e1afeeb44097f9127089f4ba80aa8d2091dab8N.exe
Size

23KB
Sample

241205-a7gqmazlcy
MD5

ad38f19d1cd91d87380e51320460d7d0
SHA1

4899fb4dc7e32438125f0bf4fe55519b8f041da0
SHA256

bf1c69aba40885eb0054d51112e1afeeb44097f9127089f4ba80aa8d2091dab8
SHA512

2272bf1aaceeb42794bac65982b403662d6c12dc395138735d2f6d4635cecd55de047a1ab76360efc41c05dc9f32e4b5ed09dffc7cb2ca60353338b0b823ea1f
SSDEEP

384:9luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZg67:SOmhtIiRpcnuf0

Score

10^/10

njrat lammer discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

bielserver.duckdns.org:7778

Mutex

6c26bb082e8cb4ff278e1067d3256202

Attributes

reg_key
6c26bb082e8cb4ff278e1067d3256202
splitter
|'|'|

Targets

- Target
  
  bf1c69aba40885eb0054d51112e1afeeb44097f9127089f4ba80aa8d2091dab8N.exe
- Size
  
  23KB
- MD5
  
  ad38f19d1cd91d87380e51320460d7d0
- SHA1
  
  4899fb4dc7e32438125f0bf4fe55519b8f041da0
- SHA256
  
  bf1c69aba40885eb0054d51112e1afeeb44097f9127089f4ba80aa8d2091dab8
- SHA512
  
  2272bf1aaceeb42794bac65982b403662d6c12dc395138735d2f6d4635cecd55de047a1ab76360efc41c05dc9f32e4b5ed09dffc7cb2ca60353338b0b823ea1f
- SSDEEP
  
  384:9luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZg67:SOmhtIiRpcnuf0
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan