njrat | 68635669a3be3a643e7e084c39a425006c5c0016c8ae798eecd346e81feb7980 | Triage

Sharing

General

Target

LaucherSynapseV4.7z
Size

14KB
Sample

241222-nz2mqaxjcx
MD5

5d9d29404d520bb127f9ac15686b38f0
SHA1

baf277de9451b5ab458070c53775f610efb03967
SHA256

68635669a3be3a643e7e084c39a425006c5c0016c8ae798eecd346e81feb7980
SHA512

d9165c15bf8cd32c36854b951b2426de63f0e8aae666794987255485bc24fc8b7d5ad664ed985bacb0ca212af5ad768ea7bd3164a923d6117a2f91faadb4654e
SSDEEP

384:TJgp8hp1320F4M9HhO3hv+mXrWbMQhpa0psFIsgDF90o:9gKp1320FEAEKbfOMsrgDgo

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:19688:9999

Mutex

4b6ded2c8a70c1b087e0b5124eef254e

Attributes

reg_key
4b6ded2c8a70c1b087e0b5124eef254e
splitter
|'|'|

Targets

- Target
  
  LaucherSynapseV4.exe
- Size
  
  37KB
- MD5
  
  f460846de20690850fa26e0b8530ada3
- SHA1
  
  22f80ff3ebeab0518faf54602ed48f651e7e551c
- SHA256
  
  8b3f2727ee18fa84fafe6d61f38e2b24a3f66b85d8b5488e09e3f639f84aa3f9
- SHA512
  
  c6a04ac50041b329f34d5651f41693953dceddcc20a7bc999660b2657ecb794eb0bfedf400f3dbc93711d966ff94d2b43f0e447012ed0283036056641d6e5303
- SSDEEP
  
  384:B5waCiMGB63fbw6ZfrZUy8fiCH1OgmBeRcrAF+rMRTyN/0L+EcoinblneHQM3epg:0a0DwODZX8fiCEdeWrM+rMRa8NuREt
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation