njrat | 66d18cdee8166925c8f04fe2635bfdf9549765db7dd5c8bcee6f7a282bf60720 | Triage

Sharing

General

Target

d5ef4908d73f1258311f9775e500b53a_JaffaCakes118
Size

29KB
Sample

241208-jensxaskeq
MD5

d5ef4908d73f1258311f9775e500b53a
SHA1

73306ad9b2e7a8683cfeebad89b66e97f2e9bbd2
SHA256

66d18cdee8166925c8f04fe2635bfdf9549765db7dd5c8bcee6f7a282bf60720
SHA512

1910e29d7842bee31bcae2a13c8442361a909cb3586ce005ee77f74903e3c68095c51a9049e9975868e639bab2ee95d41924827d63ebaa7353cf0fac0e42b332
SSDEEP

768:beu75oa4fu124AqFjXeJBKh0p29SgRwS:H75CPkj8KhG29jwS

Score

10^/10

njrat victom discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

victom

C2

sphack7.no-ip.biz:1177

Mutex

46d93431630fc8e404fed7204e708738

Attributes

reg_key
46d93431630fc8e404fed7204e708738
splitter
|'|'|

Targets

- Target
  
  d5ef4908d73f1258311f9775e500b53a_JaffaCakes118
- Size
  
  29KB
- MD5
  
  d5ef4908d73f1258311f9775e500b53a
- SHA1
  
  73306ad9b2e7a8683cfeebad89b66e97f2e9bbd2
- SHA256
  
  66d18cdee8166925c8f04fe2635bfdf9549765db7dd5c8bcee6f7a282bf60720
- SHA512
  
  1910e29d7842bee31bcae2a13c8442361a909cb3586ce005ee77f74903e3c68095c51a9049e9975868e639bab2ee95d41924827d63ebaa7353cf0fac0e42b332
- SSDEEP
  
  768:beu75oa4fu124AqFjXeJBKh0p29SgRwS:H75CPkj8KhG29jwS
Score

10^/10

njrat victom discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratvictomdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation