njrat | 3cedcaa57838104537dc40e995eda9e8ad88c854192eab36e5a50d3922c969ff | Triage

Sharing

General

Target

JaffaCakes118_6fce57df746350b34c6e7ace27963850
Size

29KB
Sample

250103-1akzwstqdz
MD5

6fce57df746350b34c6e7ace27963850
SHA1

7326d6ba51b64d7838c342cda5b8bd211458f786
SHA256

3cedcaa57838104537dc40e995eda9e8ad88c854192eab36e5a50d3922c969ff
SHA512

bada62eef071134866fbb28726f9af243f8fcad1d134a75943bd989bd201c8f6185c34127f9785b625ac3e8e8d63781ef9ee32e4fb299af148c9328788e38bc4
SSDEEP

768:ppgh3JvFJl1fxhq4MUztswZ8q627Ypj3mrVoe:puhfJ7JhqtitswZ828xfe

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

basheers.no-ip.biz:802

Mutex

b4488cccbca8d5923127abf4aa20e797

Attributes

reg_key
b4488cccbca8d5923127abf4aa20e797
splitter
|'|'|

Targets

- Target
  
  sample
- Size
  
  40KB
- MD5
  
  a9757714575730226fede0eecf4f4ae9
- SHA1
  
  2b4f2e2f768341c7d0648dc7ae3ac36174bfcd02
- SHA256
  
  057b75b211de20c064b338e0a14bfe30456d23c19e0a0c5347704d262b950a06
- SHA512
  
  3ea0be91b9e862145eaa1b8d92c2c8675bdbffa075d2183ef31abd6f6eed0dfecd886b8225397bdea9b616c121a52a6b7647e000fdeee0117611b8135be2c5ab
- SSDEEP
  
  384:tlbTkCTZu/h/2uXMd2nOOrgkOU7TtKD9E5ouIEZGdjkTbsq42WuGLW6I31Yk5gbn:tqGZ4MQ9tswZ8My27YpjbQO
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan