njrat | f6d048de00d043dc334d6e6bcc558b86b00c589dcf54f0ea2b1423cd3ded25bb | Triage

Sharing

General

Target

cab394f76dc7daa2a8548a9d1bd0f699_JaffaCakes118
Size

355KB
Sample

241206-deyefssnhm
MD5

cab394f76dc7daa2a8548a9d1bd0f699
SHA1

fe4266bc4c82102e7cbae80f1d0b5ed73aa73c8c
SHA256

f6d048de00d043dc334d6e6bcc558b86b00c589dcf54f0ea2b1423cd3ded25bb
SHA512

e960bc345e7d9a83bf20f2e4067d72d0464e28bc07b31addc34f8f5e57eafb55b4e1a12fdf5a48d5428585f72e6cae2328c2a44ebfaa1aa6c5acb1f48cc75736
SSDEEP

6144:z8JsLcpjzTDDmHayakLkrb4NSarQW82X+t40XO+5m4iU:IzxzTDWikLSb4NS7t2X+t40XO+5iU

Score

10^/10

njrat hackeado by ~shadown discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

hackeado by ~Shadown

C2

opaeae201.zapto.org:1177

Mutex

216f293b3310c600be4683b77133b908

Attributes

reg_key
216f293b3310c600be4683b77133b908
splitter
|'|'|

Targets

- Target
  
  cab394f76dc7daa2a8548a9d1bd0f699_JaffaCakes118
- Size
  
  355KB
- MD5
  
  cab394f76dc7daa2a8548a9d1bd0f699
- SHA1
  
  fe4266bc4c82102e7cbae80f1d0b5ed73aa73c8c
- SHA256
  
  f6d048de00d043dc334d6e6bcc558b86b00c589dcf54f0ea2b1423cd3ded25bb
- SHA512
  
  e960bc345e7d9a83bf20f2e4067d72d0464e28bc07b31addc34f8f5e57eafb55b4e1a12fdf5a48d5428585f72e6cae2328c2a44ebfaa1aa6c5acb1f48cc75736
- SSDEEP
  
  6144:z8JsLcpjzTDDmHayakLkrb4NSarQW82X+t40XO+5m4iU:IzxzTDWikLSb4NS7t2X+t40XO+5iU
Score

10^/10

njrat hackeado by ~shadown discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeado by ~shadowndiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2