njrat | b8d9fff131b329d08ac333e0472509a19623c3a01843383e09aaedeedb334334 | Triage

Sharing

General

Target

b8d9fff131b329d08ac333e0472509a19623c3a01843383e09aaedeedb334334
Size

111KB
Sample

250102-ebs61a1pey
MD5

08e5e8abc78ae9c65e9423f2d212a538
SHA1

3d951951e2f7ded54db416894b68a9db8af7cb19
SHA256

b8d9fff131b329d08ac333e0472509a19623c3a01843383e09aaedeedb334334
SHA512

0630023c3a5ffe868e24e522c98aa1df95b8a9b80d1faf2394157d2b7bf0bbbb040f67838ed52f5a523c7628fd91f07a311321eda6d37449e0c50d3ae96f998a
SSDEEP

3072:HhjMnMkVMjkHOU4c2CYdFOjPkgPWpwkx1lFA:tKPOJc2CuOD3PWBlF

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

booom.no-ip.biz:1177

Mutex

ad8ed9cf4a23a6f00a8fcff639a08b21

Attributes

reg_key
ad8ed9cf4a23a6f00a8fcff639a08b21
splitter
|'|'|

Targets

- Target
  
  b8d9fff131b329d08ac333e0472509a19623c3a01843383e09aaedeedb334334
- Size
  
  111KB
- MD5
  
  08e5e8abc78ae9c65e9423f2d212a538
- SHA1
  
  3d951951e2f7ded54db416894b68a9db8af7cb19
- SHA256
  
  b8d9fff131b329d08ac333e0472509a19623c3a01843383e09aaedeedb334334
- SHA512
  
  0630023c3a5ffe868e24e522c98aa1df95b8a9b80d1faf2394157d2b7bf0bbbb040f67838ed52f5a523c7628fd91f07a311321eda6d37449e0c50d3ae96f998a
- SSDEEP
  
  3072:HhjMnMkVMjkHOU4c2CYdFOjPkgPWpwkx1lFA:tKPOJc2CuOD3PWBlF
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan