njrat | 87a40d2e8ebe033ff3d359309dda136f1bced5c5578c8ea7d05b9d97e5adb12f | Triage

Sharing

General

Target

87a40d2e8ebe033ff3d359309dda136f1bced5c5578c8ea7d05b9d97e5adb12f.exe
Size

93KB
Sample

241214-n2gqbssngk
MD5

8be7cd574b5424c43a6d0ccc4a989412
SHA1

946d22547849765d756071f63be3417b30f39c6f
SHA256

87a40d2e8ebe033ff3d359309dda136f1bced5c5578c8ea7d05b9d97e5adb12f
SHA512

8aff9965a7c8ccb357b3e026c2b65eb0457d4967ddbbb269f781ce62c9c77667b3a7ed4e8794bdaff6a7adfd46757cf1579bf740ec5a0d2747efa824bcf18eeb
SSDEEP

1536:lIEQIBlfGQFk2ZonmzlMxjEwzGi1dD1DYgS:lICtFk2ZonmZMOi1dxB

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:444

Mutex

990be91699f271511aed6c9147533362

Attributes

reg_key
990be91699f271511aed6c9147533362
splitter
|'|'|

Targets

- Target
  
  87a40d2e8ebe033ff3d359309dda136f1bced5c5578c8ea7d05b9d97e5adb12f.exe
- Size
  
  93KB
- MD5
  
  8be7cd574b5424c43a6d0ccc4a989412
- SHA1
  
  946d22547849765d756071f63be3417b30f39c6f
- SHA256
  
  87a40d2e8ebe033ff3d359309dda136f1bced5c5578c8ea7d05b9d97e5adb12f
- SHA512
  
  8aff9965a7c8ccb357b3e026c2b65eb0457d4967ddbbb269f781ce62c9c77667b3a7ed4e8794bdaff6a7adfd46757cf1579bf740ec5a0d2747efa824bcf18eeb
- SSDEEP
  
  1536:lIEQIBlfGQFk2ZonmzlMxjEwzGi1dD1DYgS:lICtFk2ZonmZMOi1dxB
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan