General
-
Target
NjRat.0.7D-main(1).zip
-
Size
48.8MB
-
Sample
241209-r59r3a1mav
-
MD5
80d3d5163cafe75e0f2d1666a4c65414
-
SHA1
b94d1e8abcf337c888f403e4e7563c896fa7d51c
-
SHA256
d96bb6e66aef5a2901a0bfb80df3382d79cdcf60c9916badf27b456244bc6929
-
SHA512
d606abeacdb158dfdfabd89d7e3c12800704faa499821d01494899d5c36d93d2cc540d8747633535e148abffba4ac8c1fb3016fc03535c3d75cf74edd34daae3
-
SSDEEP
1572864:u5rfgndUOnIfRGjDT159RHXDZ8411rbYfkI:u5rf0mOnGRaThBZ84frUsI
Behavioral task
behavioral1
Sample
NjRat.0.7D-main(1).zip
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
NjRat.0.7D-main(1).zip
Resource
win11-20241007-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
:
[RNVD]
-
reg_key
[RNVD]
-
splitter
|Hassan|
Extracted
njrat
0.7d
monke
hakim32.ddns.net:2000
127.0.0.1:5552
03ee21e2b9447b703490c88d66ec84f2
-
reg_key
03ee21e2b9447b703490c88d66ec84f2
-
splitter
|'|'|
Targets
-
Target
NjRat.0.7D-main(1).zip
-
Njrat family
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1