njrat | 3933f1e8608aa3b1fd14fbae2a92a2270c57ea643214c5595a467d18cb40cd3a | Triage

Sharing

General

Target

3933f1e8608aa3b1fd14fbae2a92a2270c57ea643214c5595a467d18cb40cd3aN.exe
Size

80KB
Sample

250104-j6jy2a1lgs
MD5

41c5fbab311f1f91acf6d663a92a38a0
SHA1

3c0faf99d61fa5b5635562c249ff14642d287da7
SHA256

3933f1e8608aa3b1fd14fbae2a92a2270c57ea643214c5595a467d18cb40cd3a
SHA512

69e19c245aeb05fa78ae5ef701dbb9b0c99769e3c096348fd1d1b4c0bd2ead0bdc52d7bdce83e67e5d5f1adec48089890252d6249e9378848b1e06eb6849d85e
SSDEEP

1536:eV0OMHYAwoDfsP0cTVrWDGu4eeGWQX17S38Mdb:c0OiDorOp4ee+Ml

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

skandar001007.ddns.net:1101

Mutex

5c41cf8b7fd17bab9bf957c2625a7998

Attributes

reg_key
5c41cf8b7fd17bab9bf957c2625a7998
splitter
|'|'|

Targets

- Target
  
  3933f1e8608aa3b1fd14fbae2a92a2270c57ea643214c5595a467d18cb40cd3aN.exe
- Size
  
  80KB
- MD5
  
  41c5fbab311f1f91acf6d663a92a38a0
- SHA1
  
  3c0faf99d61fa5b5635562c249ff14642d287da7
- SHA256
  
  3933f1e8608aa3b1fd14fbae2a92a2270c57ea643214c5595a467d18cb40cd3a
- SHA512
  
  69e19c245aeb05fa78ae5ef701dbb9b0c99769e3c096348fd1d1b4c0bd2ead0bdc52d7bdce83e67e5d5f1adec48089890252d6249e9378848b1e06eb6849d85e
- SSDEEP
  
  1536:eV0OMHYAwoDfsP0cTVrWDGu4eeGWQX17S38Mdb:c0OiDorOp4ee+Ml
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackedevasionpersistenceprivilege_escalationtrojan