njrat | 113942263edbc8f96d31bb7cffb2c07bc960dcd423a82e039b5fe0d81f68cc8c | Triage

Sharing

General

Target

JaffaCakes118_64c9f8d2a269237f3f8525651d53ad80
Size

872KB
Sample

250102-npwnqaznd1
MD5

64c9f8d2a269237f3f8525651d53ad80
SHA1

c4cc3f01c09bbe5739ac59808004981b13016866
SHA256

113942263edbc8f96d31bb7cffb2c07bc960dcd423a82e039b5fe0d81f68cc8c
SHA512

1d4bbc5f49e508faf2507cfef755f613aceb1c2a5d9dab567e5e711bd29df1e5b22c4ba6607bfd5f5ac2239229cc3eda1186f72b3866c50774dffcb77356b9d2
SSDEEP

24576:ReFSOqvfLOXHMp4wtkOoTX17FUxy0vcroSfz0qdbPK:Y4OqC3MpFkDF7FUxy0vcroSAqNi

Score

10^/10

njrat evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_64c9f8d2a269237f3f8525651d53ad80
- Size
  
  872KB
- MD5
  
  64c9f8d2a269237f3f8525651d53ad80
- SHA1
  
  c4cc3f01c09bbe5739ac59808004981b13016866
- SHA256
  
  113942263edbc8f96d31bb7cffb2c07bc960dcd423a82e039b5fe0d81f68cc8c
- SHA512
  
  1d4bbc5f49e508faf2507cfef755f613aceb1c2a5d9dab567e5e711bd29df1e5b22c4ba6607bfd5f5ac2239229cc3eda1186f72b3866c50774dffcb77356b9d2
- SSDEEP
  
  24576:ReFSOqvfLOXHMp4wtkOoTX17FUxy0vcroSfz0qdbPK:Y4OqC3MpFkDF7FUxy0vcroSAqNi
Score

10^/10

njrat evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistenceprivilege_escalationtrojan

behavioral2

njratevasionpersistenceprivilege_escalationtrojan