njrat | a5c9fcb35fcae9abf9e18c9b631d981ead63255e28efc0386e72ec004a0b6a3c | Triage

Sharing

General

Target

JaffaCakes118_67e9f048a8496c0c78cb9bf80c0ad800
Size

13KB
Sample

250102-ypncfswqhr
MD5

67e9f048a8496c0c78cb9bf80c0ad800
SHA1

9150318b90aa299a06457c84a9a8801006acbbd3
SHA256

a5c9fcb35fcae9abf9e18c9b631d981ead63255e28efc0386e72ec004a0b6a3c
SHA512

416429d64d21c56321e548b04aaea179163075498ac868160cbb75b2b12be8f0868533aa41fa43c918cccd52b6fe6d62b155deaa7e0fd0e3011610a12fa3365a
SSDEEP

384:/Ngswni6P7iQ4Nk70QJW2zm9vSRvSU+fMnFgRK0HCNcs6A:F9sFt4Nkgx2z+vSJSUFUCcNA

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1604

Mutex

032c6e346b739748e572e06648200854

Attributes

reg_key
032c6e346b739748e572e06648200854
splitter
|'|'|

Targets

- Target
  
  sample
- Size
  
  23KB
- MD5
  
  aec3f2c8eb5674cedddcdd429d1f3678
- SHA1
  
  f336ab3defc654d191aa4ffa3ea935ab2c2a04d5
- SHA256
  
  cc07689332bdcc48ac8025ae968ad3ac4923ed51460c76b5aa78c1af2a03a6b1
- SHA512
  
  50a46955aee69aa1b759cc603533f40e43d0d2d22b46e0a61c358675ada5ac684c4f43ce2d708c37032a57f6e790922f90b8e06da93417192044008f1e78e58c
- SSDEEP
  
  384:RweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZhRk:GLq411eRpcnun
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan