njrat | 585137c99c22cd0b08e725b6f995a85a233ae31b118e30486bfbf2bb98d39a0e | Triage

Sharing

General

Target

123.exe
Size

93KB
Sample

241222-qxzrfsznfz
MD5

b4378a070bfed34faa41bcafe7a876b7
SHA1

4129b0e4742f0713d8e264f34272dcd2e560305e
SHA256

585137c99c22cd0b08e725b6f995a85a233ae31b118e30486bfbf2bb98d39a0e
SHA512

e33547a869ba9aea236ed664bf1f69d75e9c260c9392deb413dd6137703358f5f633286e443d5ab8c1fb8286cc3003f17fdad7c0a1939ba93d415d731ff76b1a
SSDEEP

1536:wdwC+xhUa9urgOBPRNvM4jEwzGi1dDlDMgS:wdmUa9urgObdGi1dZl

Score

10^/10

njrat fucked discovery evasion persistence privilege_escalation ransomware trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fucked

C2

hakim32.ddns.net:2000

fat-pads.gl.at.ply.gg:35059

Mutex

1ded3b4c35b07f633f7f88a8380c030d

Attributes

reg_key
1ded3b4c35b07f633f7f88a8380c030d
splitter
|'|'|

Targets

- Target
  
  123.exe
- Size
  
  93KB
- MD5
  
  b4378a070bfed34faa41bcafe7a876b7
- SHA1
  
  4129b0e4742f0713d8e264f34272dcd2e560305e
- SHA256
  
  585137c99c22cd0b08e725b6f995a85a233ae31b118e30486bfbf2bb98d39a0e
- SHA512
  
  e33547a869ba9aea236ed664bf1f69d75e9c260c9392deb413dd6137703358f5f633286e443d5ab8c1fb8286cc3003f17fdad7c0a1939ba93d415d731ff76b1a
- SSDEEP
  
  1536:wdwC+xhUa9urgOBPRNvM4jEwzGi1dDlDMgS:wdmUa9urgObdGi1dZl
Score

10^/10

njrat fucked discovery evasion persistence privilege_escalation ransomware trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

njratfuckeddiscoveryevasionpersistenceprivilege_escalationransomwaretrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation