njrat | 4a16f3b48425de38d03e4c5f0d902ade1310b6f4ae413354b5a9949e7a895472 | Triage

Sharing

General

Target

eccd8b676bdc00e2bca6837225d0de82_JaffaCakes118
Size

127KB
Sample

241213-w2mkksxkfx
MD5

eccd8b676bdc00e2bca6837225d0de82
SHA1

fcd9d9f947250d807d25e47f71b1e4d33a722c94
SHA256

4a16f3b48425de38d03e4c5f0d902ade1310b6f4ae413354b5a9949e7a895472
SHA512

702621e4aee8f0fac1535798abdc1d8e3c731f8449ce2b6c14657fddeecafb8ca17d9fd587e7c7ac0c4668dba40b98a8b77508981d6f30c2d8478396131a19ff
SSDEEP

3072:jn9ZdSp05IdUts+n+mI8/EUWnBLeQiv04/LvN6OdA/b1M5X:jZQ0FtsM8UkL8vJLpdy2X

Score

10^/10

njrat 110821 discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

110821

C2

185.222.57.203:3333

Mutex

f30d07865704fc19fcdc80f3519e44b8

Attributes

reg_key
f30d07865704fc19fcdc80f3519e44b8
splitter
|'|'|

Targets

- Target
  
  eccd8b676bdc00e2bca6837225d0de82_JaffaCakes118
- Size
  
  127KB
- MD5
  
  eccd8b676bdc00e2bca6837225d0de82
- SHA1
  
  fcd9d9f947250d807d25e47f71b1e4d33a722c94
- SHA256
  
  4a16f3b48425de38d03e4c5f0d902ade1310b6f4ae413354b5a9949e7a895472
- SHA512
  
  702621e4aee8f0fac1535798abdc1d8e3c731f8449ce2b6c14657fddeecafb8ca17d9fd587e7c7ac0c4668dba40b98a8b77508981d6f30c2d8478396131a19ff
- SSDEEP
  
  3072:jn9ZdSp05IdUts+n+mI8/EUWnBLeQiv04/LvN6OdA/b1M5X:jZQ0FtsM8UkL8vJLpdy2X
Score

10^/10

njrat 110821 discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat110821discoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrat110821discoveryevasionpersistenceprivilege_escalationtrojan