njrat | 3825fe6fd9e8754b3d4a374b8c73884647c6898d5e1220a0fe89b1a3dc8e35c4 | Triage

Sharing

General

Target

55e2016fcb659bdf0f46a24ef2876609.exe
Size

93KB
Sample

241224-c6ewraznbm
MD5

55e2016fcb659bdf0f46a24ef2876609
SHA1

5afb69f26ddf1884372643a2b00d16a481fc7c26
SHA256

3825fe6fd9e8754b3d4a374b8c73884647c6898d5e1220a0fe89b1a3dc8e35c4
SHA512

4de0fb035b904bd2557d48aacfea53346748e0dbda86b710ee86796c374c37fd35e50f4d8b05cd1c058f95665894629f8848f4bce45378c00ced771baaea3e46
SSDEEP

1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt

Score

10^/10

njrat owned discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Owned

C2

hakim32.ddns.net:2000

167.71.56.116:22342

Mutex

24983f03fb74576bbc5af6aa1085b23d

Attributes

reg_key
24983f03fb74576bbc5af6aa1085b23d
splitter
|'|'|

Targets

- Target
  
  55e2016fcb659bdf0f46a24ef2876609.exe
- Size
  
  93KB
- MD5
  
  55e2016fcb659bdf0f46a24ef2876609
- SHA1
  
  5afb69f26ddf1884372643a2b00d16a481fc7c26
- SHA256
  
  3825fe6fd9e8754b3d4a374b8c73884647c6898d5e1220a0fe89b1a3dc8e35c4
- SHA512
  
  4de0fb035b904bd2557d48aacfea53346748e0dbda86b710ee86796c374c37fd35e50f4d8b05cd1c058f95665894629f8848f4bce45378c00ced771baaea3e46
- SSDEEP
  
  1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
Score

10^/10

njrat owned discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratowneddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation