njrat | c8ebfb28d731a5327defd33eea31b84ae3ccc939d0aff668f5c6d5548573e3f0 | Triage

Sharing

General

Target

JaffaCakes118_68438c308d130716f80aa9a021662850
Size

219KB
Sample

250102-z1jn3swjhx
MD5

68438c308d130716f80aa9a021662850
SHA1

add2d84c1bd330c0823956c6b854bd415794d2e2
SHA256

c8ebfb28d731a5327defd33eea31b84ae3ccc939d0aff668f5c6d5548573e3f0
SHA512

f06152825a78e46997b5c24f1fb8c98c185b727806adb2b5882283c97cf23a30f9e996bd4c21990e1ab73902f377e9612ab4615e0a884ba7960a9f84b60c0506
SSDEEP

6144:8GTcQZLy3VvDGmgeF0YPR7E8It4QyWVXvRsQnj5/:8GTOFNp544Qn/eQF

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hackerbmx.ddns.net:2880

Mutex

cc57968da41b2265f09489d6547c830c

Attributes

reg_key
cc57968da41b2265f09489d6547c830c
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_68438c308d130716f80aa9a021662850
- Size
  
  219KB
- MD5
  
  68438c308d130716f80aa9a021662850
- SHA1
  
  add2d84c1bd330c0823956c6b854bd415794d2e2
- SHA256
  
  c8ebfb28d731a5327defd33eea31b84ae3ccc939d0aff668f5c6d5548573e3f0
- SHA512
  
  f06152825a78e46997b5c24f1fb8c98c185b727806adb2b5882283c97cf23a30f9e996bd4c21990e1ab73902f377e9612ab4615e0a884ba7960a9f84b60c0506
- SSDEEP
  
  6144:8GTcQZLy3VvDGmgeF0YPR7E8It4QyWVXvRsQnj5/:8GTOFNp544Qn/eQF
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan