njrat | 902dcd066ae1cf9d5597c41fada88041bed6756e7f587f2b0379dc45fa3f8aa8 | Triage

Sharing

General

Target

JaffaCakes118_6c2f4dfea5d113843c09d4f940ae1c90
Size

55KB
Sample

250103-m7vnpsznc1
MD5

6c2f4dfea5d113843c09d4f940ae1c90
SHA1

3ded29de56f4d4c986a3bc85bf878622e2814641
SHA256

902dcd066ae1cf9d5597c41fada88041bed6756e7f587f2b0379dc45fa3f8aa8
SHA512

97fd2da037a194ffbaf3746ddc66bdb17e0b3416ae4c092f7456b3bffe2352f837bab4dd68a9fff97cd6c506e7240fc1c6133c3c9354c068c77d48398331cef4
SSDEEP

1536:spx1cAd08AzTC+r47E5B0x5IXQdzGOF/rx:kx1cAdJETNrkiuxWAM8x

Score

10^/10

njrat جديد evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

جديد

C2

kazimali00.no-ip.org:5552

Mutex

92c0d81affa225c91e4be25ce2f1a838

Attributes

reg_key
92c0d81affa225c91e4be25ce2f1a838
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_6c2f4dfea5d113843c09d4f940ae1c90
- Size
  
  55KB
- MD5
  
  6c2f4dfea5d113843c09d4f940ae1c90
- SHA1
  
  3ded29de56f4d4c986a3bc85bf878622e2814641
- SHA256
  
  902dcd066ae1cf9d5597c41fada88041bed6756e7f587f2b0379dc45fa3f8aa8
- SHA512
  
  97fd2da037a194ffbaf3746ddc66bdb17e0b3416ae4c092f7456b3bffe2352f837bab4dd68a9fff97cd6c506e7240fc1c6133c3c9354c068c77d48398331cef4
- SSDEEP
  
  1536:spx1cAd08AzTC+r47E5B0x5IXQdzGOF/rx:kx1cAdJETNrkiuxWAM8x
Score

10^/10

njrat جديد evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratجديدevasionpersistenceprivilege_escalationtrojan

behavioral2

njratجديدevasionpersistenceprivilege_escalationtrojan