njrat | b45f3be47e63026ba7855baff9aa427f1524fa7f90b02e41663c411579f4a257 | Triage

Sharing

General

Target

f256abf7b1bc79d6e87fb9bca01f05b8_JaffaCakes118
Size

22KB
Sample

241215-fata2swmdk
MD5

f256abf7b1bc79d6e87fb9bca01f05b8
SHA1

ad227f08cd6594a8c8dff2ce60f851a5c775256b
SHA256

b45f3be47e63026ba7855baff9aa427f1524fa7f90b02e41663c411579f4a257
SHA512

c82d7c7e567df087a54120489bef3770721377deeb903c4ff7f0a9c01f663cc5374a6ec5af7200d3dc2b2309635bfe7e77c3b19036e5e268ec9dc1bcd9596f8e
SSDEEP

384:SHY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZdC:SQL2s+tRyRpcnuL

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

wiindows.myvnc.com:6340

Mutex

a01803faca50bff46b0de419bf203b09

Attributes

reg_key
a01803faca50bff46b0de419bf203b09
splitter
|'|'|

Targets

- Target
  
  f256abf7b1bc79d6e87fb9bca01f05b8_JaffaCakes118
- Size
  
  22KB
- MD5
  
  f256abf7b1bc79d6e87fb9bca01f05b8
- SHA1
  
  ad227f08cd6594a8c8dff2ce60f851a5c775256b
- SHA256
  
  b45f3be47e63026ba7855baff9aa427f1524fa7f90b02e41663c411579f4a257
- SHA512
  
  c82d7c7e567df087a54120489bef3770721377deeb903c4ff7f0a9c01f663cc5374a6ec5af7200d3dc2b2309635bfe7e77c3b19036e5e268ec9dc1bcd9596f8e
- SSDEEP
  
  384:SHY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZdC:SQL2s+tRyRpcnuL
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan