njrat | 416d145a0dc8a9e93406fee188f14e7bafb1f0b5665b2fcaf0fecdb38cb6544c | Triage

Sharing

General

Target

JaffaCakes118_1eb469098024d54f03e41226dfe9d5f4
Size

161KB
Sample

241231-qr3wxsslhy
MD5

1eb469098024d54f03e41226dfe9d5f4
SHA1

17799905938432be1bc73fcdf60be081230f6a65
SHA256

416d145a0dc8a9e93406fee188f14e7bafb1f0b5665b2fcaf0fecdb38cb6544c
SHA512

c359af382807df22a5b96e9ae1db71c91fafdf76a3a2693496859418bb772d3aa5f4b78f87b2afb5f05ac9d240296441861d81458b868723b12c0bc5a3f61f6c
SSDEEP

1536:ofRTkQ+vaRvo2pHJOLELmXtH7jg2MC1E3:ofRTkQ+4pOLV9bMI1Q

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

9e7cec1764a508c362c0d940f4480146

Attributes

reg_key
9e7cec1764a508c362c0d940f4480146
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_1eb469098024d54f03e41226dfe9d5f4
- Size
  
  161KB
- MD5
  
  1eb469098024d54f03e41226dfe9d5f4
- SHA1
  
  17799905938432be1bc73fcdf60be081230f6a65
- SHA256
  
  416d145a0dc8a9e93406fee188f14e7bafb1f0b5665b2fcaf0fecdb38cb6544c
- SHA512
  
  c359af382807df22a5b96e9ae1db71c91fafdf76a3a2693496859418bb772d3aa5f4b78f87b2afb5f05ac9d240296441861d81458b868723b12c0bc5a3f61f6c
- SSDEEP
  
  1536:ofRTkQ+vaRvo2pHJOLELmXtH7jg2MC1E3:ofRTkQ+4pOLV9bMI1Q
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan