njrat | e60b68d602345039323a8f4e93195e4a59888670434070ebdc24befcf255af71 | Triage

Sharing

General

Target

JaffaCakes118_72a5fd05b4104ceae96dbdf1ec828de7
Size

157KB
Sample

250103-2nln1sxmbt
MD5

72a5fd05b4104ceae96dbdf1ec828de7
SHA1

e4035afaa156bc654b68bab37a4cc0e13a81a997
SHA256

e60b68d602345039323a8f4e93195e4a59888670434070ebdc24befcf255af71
SHA512

659ea570887900b0bc3f0e36369bfde319e313a1f76460dfd8d138b0880697c4dc423ed22f5041172989b5d13ab4760464ee39f896baca0a8c6447e147569adf
SSDEEP

3072:e9ssC8Ocz1XAm17cmx7XLHs+1nMLuddFUKAjLT1CXAyH:eVlpx7XfnOm7UKAJCX

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_72a5fd05b4104ceae96dbdf1ec828de7
- Size
  
  157KB
- MD5
  
  72a5fd05b4104ceae96dbdf1ec828de7
- SHA1
  
  e4035afaa156bc654b68bab37a4cc0e13a81a997
- SHA256
  
  e60b68d602345039323a8f4e93195e4a59888670434070ebdc24befcf255af71
- SHA512
  
  659ea570887900b0bc3f0e36369bfde319e313a1f76460dfd8d138b0880697c4dc423ed22f5041172989b5d13ab4760464ee39f896baca0a8c6447e147569adf
- SSDEEP
  
  3072:e9ssC8Ocz1XAm17cmx7XLHs+1nMLuddFUKAjLT1CXAyH:eVlpx7XfnOm7UKAJCX
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan