njrat | 148f3eaea6acf3686f340905d53c9eb3b6cd5c537ba661a227d3303f45ff1ffa | Triage

Sharing

General

Target

JaffaCakes118_85ce86e00afb30ea032310793367cbf1
Size

202KB
Sample

250105-c14mxs1jhk
MD5

85ce86e00afb30ea032310793367cbf1
SHA1

0b8d31dfaa3a4d4f64ff51c539be3210795fbc01
SHA256

148f3eaea6acf3686f340905d53c9eb3b6cd5c537ba661a227d3303f45ff1ffa
SHA512

15d26c987cc2a122c13eefd458ebc40ad6e4ed83bb61d139af16a1d3eecd78ed98272f63a219acad086625a8fa7678b896de76f792804c868a18c39f483a98f4
SSDEEP

384:ySe8ng4k586MSXLhtv26SMHzWANpSOPNQ1SU/U+l+H5NUclkKAqY1BslRGQZWMVJ:yf8ngf51MgzzDhGxMVJ

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.10.6:1177

Mutex

ca8e9a6c0e538fdec08f199c20453f00

Attributes

reg_key
ca8e9a6c0e538fdec08f199c20453f00
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_85ce86e00afb30ea032310793367cbf1
- Size
  
  202KB
- MD5
  
  85ce86e00afb30ea032310793367cbf1
- SHA1
  
  0b8d31dfaa3a4d4f64ff51c539be3210795fbc01
- SHA256
  
  148f3eaea6acf3686f340905d53c9eb3b6cd5c537ba661a227d3303f45ff1ffa
- SHA512
  
  15d26c987cc2a122c13eefd458ebc40ad6e4ed83bb61d139af16a1d3eecd78ed98272f63a219acad086625a8fa7678b896de76f792804c868a18c39f483a98f4
- SSDEEP
  
  384:ySe8ng4k586MSXLhtv26SMHzWANpSOPNQ1SU/U+l+H5NUclkKAqY1BslRGQZWMVJ:yf8ngf51MgzzDhGxMVJ
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan