njrat | a9b8cef2c39cb4d8bf567d44f291330b1c207e94c47c2296cce6bb9be57d1a82 | Triage

Sharing

General

Target

JaffaCakes118_624e55a8d8bb148c31cfdd649a4659a0
Size

23KB
Sample

250102-dp6tkszngw
MD5

624e55a8d8bb148c31cfdd649a4659a0
SHA1

274a4de63e99c86d212f61618f04e2a023024c80
SHA256

a9b8cef2c39cb4d8bf567d44f291330b1c207e94c47c2296cce6bb9be57d1a82
SHA512

7bb8155e03dc0ad1e65105a3f899a9a9fc7fd160c1d1bba02d66b40d05cba66714a4e12dcfd6e9a3f9570902f2d9fbe0021c39a16cee5dc7b4983e420a97716a
SSDEEP

384:l/KPBfWhERYoBX16XuIeMHNw6Tg1Y6eeTFmRvR6JZlbw8hqIusZzZXsIKc:244P1InRpcnuAsO

Score

10^/10

njrat ضحايا سي 4 ذي قار discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ضحايا سي 4 ذي قار

C2

alialnasry.no-ip.biz:5552

Mutex

6082dc31118c5de646d26ba2e8c79362

Attributes

reg_key
6082dc31118c5de646d26ba2e8c79362
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_624e55a8d8bb148c31cfdd649a4659a0
- Size
  
  23KB
- MD5
  
  624e55a8d8bb148c31cfdd649a4659a0
- SHA1
  
  274a4de63e99c86d212f61618f04e2a023024c80
- SHA256
  
  a9b8cef2c39cb4d8bf567d44f291330b1c207e94c47c2296cce6bb9be57d1a82
- SHA512
  
  7bb8155e03dc0ad1e65105a3f899a9a9fc7fd160c1d1bba02d66b40d05cba66714a4e12dcfd6e9a3f9570902f2d9fbe0021c39a16cee5dc7b4983e420a97716a
- SSDEEP
  
  384:l/KPBfWhERYoBX16XuIeMHNw6Tg1Y6eeTFmRvR6JZlbw8hqIusZzZXsIKc:244P1InRpcnuAsO
Score

10^/10

njrat ضحايا سي 4 ذي قار discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ضحايا سي 4 ذي قار njrat

behavioral1

njratضحايا سي 4 ذي قار discoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan