njrat | 03aa71242b74bf7c34fd6ccd2ef8bc6d1e31c4982d35fba4c01f816cdcc1c2b6 | Triage

Sharing

General

Target

JaffaCakes118_03aa71242b74bf7c34fd6ccd2ef8bc6d1e31c4982d35fba4c01f816cdcc1c2b6
Size

26KB
Sample

241224-1lc4esyjcv
MD5

d0a5b57af45c235f627cc5751b10a204
SHA1

f4c3097378337d6932fad2d44b03255d9410d0aa
SHA256

03aa71242b74bf7c34fd6ccd2ef8bc6d1e31c4982d35fba4c01f816cdcc1c2b6
SHA512

f7b3215dca054837808538fbf0b004f05a69097a13bbae6aed88b7b1c868c64a42a69bb4c7a1d78334269af5901af9b562eddcabe45fe7e3e00c3caff3e5bb4a
SSDEEP

768:v2CnAoMN2B+M5yrLHRZwbftJrAq7Sd1/p0PcL:v2CAbN2B7YXHRYftJh2d1yw

Score

10^/10

njrat xxx hacked xxx discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

xxx hacked xxx

C2

spartacuse88.no-ip.biz:1177

Mutex

84adfa5a9d5629f88ca0812ce7b6ab7e

Attributes

reg_key
84adfa5a9d5629f88ca0812ce7b6ab7e
splitter
|'|'|

Targets

- Target
  
  bd85943a6635964d9512452a755d7ffaae258378db310e3dd1f9c022032ff60b
- Size
  
  118KB
- MD5
  
  e54682be77b5e5c2038370451c2f63b8
- SHA1
  
  643aadc5c788ea6d7f1f6944d019df28f68ca104
- SHA256
  
  bd85943a6635964d9512452a755d7ffaae258378db310e3dd1f9c022032ff60b
- SHA512
  
  9ca0130d62d7837ba0990a37f35047f686b21c779a278473d8e1ec1012ebf94103fc7725beea10686bdeda4dbbe9b869c53e4394d8894c378d4129223f2c0b56
- SSDEEP
  
  1536:qNLrsO9mKKPiV6TpQUfyeW6H9nTcQkVqceHYciGIH/NOauZBrBdgUVsoH:SLz9mp7IVOau37H
Score

10^/10

njrat xxx hacked xxx discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratxxx hacked xxxdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2