njrat | hxxps://gofile[.]io/d/tvoxvR | Triage

Resubmissions

19-12-2024 23:19

241219-3a6byasqcs 10

19-12-2024 23:18

241219-3abgkasqay 4

Sharing

General

Target

https://gofile.io/d/tvoxvR
Sample

241219-3a6byasqcs

Score

10^/10

njrat discovery evasion persistence privilege_escalation pyinstaller spyware stealer trojan

Malware Config

Targets

- Target
  
  https://gofile.io/d/tvoxvR
Score

10^/10

njrat discovery evasion persistence privilege_escalation pyinstaller spyware stealer trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationpyinstallerspywarestealertrojan