njrat | 7592cebfccba1ed4726d0a1fe75bf63abfdc30b8452345ec4954dd3c2473cb00 | Triage

Sharing

General

Target

JaffaCakes118_7922da2db330c7cedb734bfab89d9ae0
Size

238KB
Sample

250104-mb868axlcm
MD5

7922da2db330c7cedb734bfab89d9ae0
SHA1

06ef4719628b701a30914cbb39927af02f09b311
SHA256

7592cebfccba1ed4726d0a1fe75bf63abfdc30b8452345ec4954dd3c2473cb00
SHA512

55a04722ebd215fe752811aff2d94b365d485c26bb3102fe9abc169e8d48102a35a58b069af17cad89755f05ec4e0447855452806721abfb96f6f7e88a739f1e
SSDEEP

6144:otRRBVuQ8hMNYl2tgtCASsZhYUIKtAzM1+U:ot3BVt8hBl2tgtCLsZhYFy+M1

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

najrat13.no-ip.info:1177

Mutex

fe846520f3eb4e72966214ff26ac3a9d

Attributes

reg_key
fe846520f3eb4e72966214ff26ac3a9d
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_7922da2db330c7cedb734bfab89d9ae0
- Size
  
  238KB
- MD5
  
  7922da2db330c7cedb734bfab89d9ae0
- SHA1
  
  06ef4719628b701a30914cbb39927af02f09b311
- SHA256
  
  7592cebfccba1ed4726d0a1fe75bf63abfdc30b8452345ec4954dd3c2473cb00
- SHA512
  
  55a04722ebd215fe752811aff2d94b365d485c26bb3102fe9abc169e8d48102a35a58b069af17cad89755f05ec4e0447855452806721abfb96f6f7e88a739f1e
- SSDEEP
  
  6144:otRRBVuQ8hMNYl2tgtCASsZhYUIKtAzM1+U:ot3BVt8hBl2tgtCLsZhYFy+M1
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2