njrat | 2b28168136c1e2a2d81d22d46d6b349719bf773396d0e27b010ec67d91759d42 | Triage

Sharing

General

Target

JaffaCakes118_014ef5005fc6c2eb107aa8c146fc33fc
Size

99KB
Sample

241231-c4kn8azmar
MD5

014ef5005fc6c2eb107aa8c146fc33fc
SHA1

d67721f3cb9e6e9d2f4b519905bd0e5c71ab3273
SHA256

2b28168136c1e2a2d81d22d46d6b349719bf773396d0e27b010ec67d91759d42
SHA512

74afd73ea46047a041f0b88f3a74ba5502f2afc11fd2d7147588c6bb38b20eee1b91173520b66b5e4e66a2e1a4fdb577e6c678c7926c3d1e2e1ab041bf368857
SSDEEP

3072:iJiNGFF2JGqWLZ7nrJFooWA4hzat62mO:5GF8Jsxn1CWh4

Score

10^/10

njrat enero discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ENERO

C2

trabajo8312.duckdns.org:2083

Mutex

8cffb6bedd24b9363719de415062cd1d

Attributes

reg_key
8cffb6bedd24b9363719de415062cd1d
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_014ef5005fc6c2eb107aa8c146fc33fc
- Size
  
  99KB
- MD5
  
  014ef5005fc6c2eb107aa8c146fc33fc
- SHA1
  
  d67721f3cb9e6e9d2f4b519905bd0e5c71ab3273
- SHA256
  
  2b28168136c1e2a2d81d22d46d6b349719bf773396d0e27b010ec67d91759d42
- SHA512
  
  74afd73ea46047a041f0b88f3a74ba5502f2afc11fd2d7147588c6bb38b20eee1b91173520b66b5e4e66a2e1a4fdb577e6c678c7926c3d1e2e1ab041bf368857
- SSDEEP
  
  3072:iJiNGFF2JGqWLZ7nrJFooWA4hzat62mO:5GF8Jsxn1CWh4
Score

10^/10

njrat enero discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratenerodiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan