njrat | 6557f1b7fb95cfabcf9cf0d10f295b59c8c67ec0e496cda492b77d9dc759d2e7 | Triage

Sharing

General

Target

JaffaCakes118_6f7de8ce84514a557997fba5b00c7a40
Size

29KB
Sample

250103-zh5htsvphp
MD5

6f7de8ce84514a557997fba5b00c7a40
SHA1

2d0d5d16f6bcba7ba363c951f07571288df49ade
SHA256

6557f1b7fb95cfabcf9cf0d10f295b59c8c67ec0e496cda492b77d9dc759d2e7
SHA512

afbef9c7394169032c92830c547ddb48ebd4a97c445018524e1ee5c3567b2f28adfa98b83d426d28c6be2250e8eaafdeb09a68fa9e1a2d6de90b60a6ed70d326
SSDEEP

384:xF58D+6n1NjZPT3+psEUntuXSiwkV0zZuqUFhey4QeXYGeW6:xajNYOESi5VTZGZp6

Score

10^/10

njrat evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_6f7de8ce84514a557997fba5b00c7a40
- Size
  
  29KB
- MD5
  
  6f7de8ce84514a557997fba5b00c7a40
- SHA1
  
  2d0d5d16f6bcba7ba363c951f07571288df49ade
- SHA256
  
  6557f1b7fb95cfabcf9cf0d10f295b59c8c67ec0e496cda492b77d9dc759d2e7
- SHA512
  
  afbef9c7394169032c92830c547ddb48ebd4a97c445018524e1ee5c3567b2f28adfa98b83d426d28c6be2250e8eaafdeb09a68fa9e1a2d6de90b60a6ed70d326
- SSDEEP
  
  384:xF58D+6n1NjZPT3+psEUntuXSiwkV0zZuqUFhey4QeXYGeW6:xajNYOESi5VTZGZp6
Score

10^/10

njrat evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistenceprivilege_escalationtrojan

behavioral2

njratevasionpersistenceprivilege_escalationtrojan