njrat | a2ca61183a3fd5d9b7b6776fc5413fa448d3fa3d1f935c83dd219def144f46d6 | Triage

Sharing

General

Target

JaffaCakes118_64f35e4b276558dd2d8f429f97bae630
Size

358KB
Sample

250102-n78q1a1mct
MD5

64f35e4b276558dd2d8f429f97bae630
SHA1

9f83e952ddb3e0b36f2946745fce1046e638bde1
SHA256

a2ca61183a3fd5d9b7b6776fc5413fa448d3fa3d1f935c83dd219def144f46d6
SHA512

cdb2a7a409a4568439f72f11d71ccc9c38a8d2ec81a02c71d7f0ad221120be1dad31b94cb267c3ede9b15b5702aef896ee16140a3b4e87d7fefccf50f5a9e605
SSDEEP

6144:aFIHFvS3jqjXdlwT8qyboO1PWPkPH8Lj6JPoUCRb2HYHBYpA:a0ZS3jqjcwRB1PdH8Lj6JoR8YHupA

Score

10^/10

njrat evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_64f35e4b276558dd2d8f429f97bae630
- Size
  
  358KB
- MD5
  
  64f35e4b276558dd2d8f429f97bae630
- SHA1
  
  9f83e952ddb3e0b36f2946745fce1046e638bde1
- SHA256
  
  a2ca61183a3fd5d9b7b6776fc5413fa448d3fa3d1f935c83dd219def144f46d6
- SHA512
  
  cdb2a7a409a4568439f72f11d71ccc9c38a8d2ec81a02c71d7f0ad221120be1dad31b94cb267c3ede9b15b5702aef896ee16140a3b4e87d7fefccf50f5a9e605
- SSDEEP
  
  6144:aFIHFvS3jqjXdlwT8qyboO1PWPkPH8Lj6JPoUCRb2HYHBYpA:a0ZS3jqjcwRB1PdH8Lj6JoR8YHupA
Score

10^/10

njrat evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistenceprivilege_escalationtrojan

behavioral2

njratevasionpersistenceprivilege_escalationtrojan