njrat | c7f90f1e0b0472e8e18f7e2da07fc9d00f404f2a51c31b66f19e9460a28c2d3b | Triage

Resubmissions

03-01-2025 01:56

250103-ccv1wavkcz 10

Sharing

General

Target

JaffaCakes118_6987bc8d2458260efeea977790f30795
Size

404KB
Sample

250103-ccv1wavkcz
MD5

6987bc8d2458260efeea977790f30795
SHA1

b79826c1038605a767ee206e64bcc1821469a964
SHA256

c7f90f1e0b0472e8e18f7e2da07fc9d00f404f2a51c31b66f19e9460a28c2d3b
SHA512

0ad83c8836c7babbb321067add3a626d490faae48875a88699282b86d8f57ced3821fea825671fc02bb70ba4330e24a0cc1a91291db62923e7e9f016781f78d5
SSDEEP

1536:Wc8HjOIQ++G/XPApdzB/VZ7+X0mw6bzP1PhoHitOZ6ExlgFom4G1G1O:Wc8HqIJPPKZB/VZ7+6i7citOZRlgFM

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

copeotr.no-ip.org:81

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_6987bc8d2458260efeea977790f30795
- Size
  
  404KB
- MD5
  
  6987bc8d2458260efeea977790f30795
- SHA1
  
  b79826c1038605a767ee206e64bcc1821469a964
- SHA256
  
  c7f90f1e0b0472e8e18f7e2da07fc9d00f404f2a51c31b66f19e9460a28c2d3b
- SHA512
  
  0ad83c8836c7babbb321067add3a626d490faae48875a88699282b86d8f57ced3821fea825671fc02bb70ba4330e24a0cc1a91291db62923e7e9f016781f78d5
- SSDEEP
  
  1536:Wc8HjOIQ++G/XPApdzB/VZ7+X0mw6bzP1PhoHitOZ6ExlgFom4G1G1O:Wc8HqIJPPKZB/VZ7+6i7citOZRlgFM
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan