njrat | cf4dfe65f25fbf6221a767f45d1cc7f98c4cd972560d9c3a2d70cf9b87dbf644 | Triage

Sharing

General

Target

JaffaCakes118_6670b5ca013576c1221ba87d9fb349a0
Size

24KB
Sample

250102-tvf34sxqgv
MD5

6670b5ca013576c1221ba87d9fb349a0
SHA1

1ff170786e670149cddd702a90c8a5c0ccfc3186
SHA256

cf4dfe65f25fbf6221a767f45d1cc7f98c4cd972560d9c3a2d70cf9b87dbf644
SHA512

7d36bc4c070dd4eedb281ae2fd78240fc42fd1c280bc18b7ff3149f7ad5ab44a1ad087dfb44916944d8fced09b7ad6b6ca963f787f272ff93098acc156359df2
SSDEEP

384:qc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZvc:qe9EJLN/yRpcnuz

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

anwarmaxa.no-ip.biz:4498

Mutex

abc4c646bbdae26ea820ad4be4d0c672

Attributes

reg_key
abc4c646bbdae26ea820ad4be4d0c672
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_6670b5ca013576c1221ba87d9fb349a0
- Size
  
  24KB
- MD5
  
  6670b5ca013576c1221ba87d9fb349a0
- SHA1
  
  1ff170786e670149cddd702a90c8a5c0ccfc3186
- SHA256
  
  cf4dfe65f25fbf6221a767f45d1cc7f98c4cd972560d9c3a2d70cf9b87dbf644
- SHA512
  
  7d36bc4c070dd4eedb281ae2fd78240fc42fd1c280bc18b7ff3149f7ad5ab44a1ad087dfb44916944d8fced09b7ad6b6ca963f787f272ff93098acc156359df2
- SSDEEP
  
  384:qc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZvc:qe9EJLN/yRpcnuz
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan