njrat | c42fbc81025b131b0f046e3e6de102f417e0a719966f893d550b771f6e7d0a26 | Triage

Sharing

General

Target

c42fbc81025b131b0f046e3e6de102f417e0a719966f893d550b771f6e7d0a26.exe
Size

524KB
Sample

241205-yzcnpszmgt
MD5

854dd559296301a24dd94ed9e04255e3
SHA1

35308b49108320da886ac8ea6e52b654f596d482
SHA256

c42fbc81025b131b0f046e3e6de102f417e0a719966f893d550b771f6e7d0a26
SHA512

a3bc9c2d129297dcb8e52575c6cf83d868088e0c2120b7ee50b89d14124eb2c0dee00d58502ddad0fffc7a181273fecde0fcb4af14b7dfd5c277076e781ce3c7
SSDEEP

6144:vBjKtt8sieagnL5eVhPVm+hNr+FT56xnTWyl4BK7RBm26jyzaJ/34B26CX2//GKl:vd2t8QagVeLPVlhNq156lIEg6ZCX2//x

Score

10^/10

njrat evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  c42fbc81025b131b0f046e3e6de102f417e0a719966f893d550b771f6e7d0a26.exe
- Size
  
  524KB
- MD5
  
  854dd559296301a24dd94ed9e04255e3
- SHA1
  
  35308b49108320da886ac8ea6e52b654f596d482
- SHA256
  
  c42fbc81025b131b0f046e3e6de102f417e0a719966f893d550b771f6e7d0a26
- SHA512
  
  a3bc9c2d129297dcb8e52575c6cf83d868088e0c2120b7ee50b89d14124eb2c0dee00d58502ddad0fffc7a181273fecde0fcb4af14b7dfd5c277076e781ce3c7
- SSDEEP
  
  6144:vBjKtt8sieagnL5eVhPVm+hNr+FT56xnTWyl4BK7RBm26jyzaJ/34B26CX2//GKl:vd2t8QagVeLPVlhNq156lIEg6ZCX2//x
Score

10^/10

njrat evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistenceprivilege_escalationtrojan

behavioral2

njratevasionpersistenceprivilege_escalationtrojan