njrat | 29c45a046d058cb7417e88bd109541046a2cba16c48c1bfc285d64e02822140d | Triage

Sharing

General

Target

JaffaCakes118_89aa5a0fda1879c30aa8dbe78a653f3e
Size

168KB
Sample

250105-eejfzasqhn
MD5

89aa5a0fda1879c30aa8dbe78a653f3e
SHA1

079e11025da691bf774aae682d949601edefb363
SHA256

29c45a046d058cb7417e88bd109541046a2cba16c48c1bfc285d64e02822140d
SHA512

f9fcaad2f544b56601cea90cca0203acfb8593a884edf55877a85202228b0f0061fbb26e13f96476f6e4f9aaa8a88dccf2fcee0f2f96de7a959792f5e382fbcf
SSDEEP

3072:kT/WaQrJW7KeX8GzEdkidNIxTdllPCWb6SuL5Hg8Jti8vWqitwLHvwFLOUp:kzWaQrJWKeX8iDid6TdUHnnv8

Score

10^/10

njrat 4월7일 evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

4월7일

C2

guswns740.codns.com:5552

Mutex

d2abe5e9117deeb4eae4472e2992b74e

Attributes

reg_key
d2abe5e9117deeb4eae4472e2992b74e
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_89aa5a0fda1879c30aa8dbe78a653f3e
- Size
  
  168KB
- MD5
  
  89aa5a0fda1879c30aa8dbe78a653f3e
- SHA1
  
  079e11025da691bf774aae682d949601edefb363
- SHA256
  
  29c45a046d058cb7417e88bd109541046a2cba16c48c1bfc285d64e02822140d
- SHA512
  
  f9fcaad2f544b56601cea90cca0203acfb8593a884edf55877a85202228b0f0061fbb26e13f96476f6e4f9aaa8a88dccf2fcee0f2f96de7a959792f5e382fbcf
- SSDEEP
  
  3072:kT/WaQrJW7KeX8GzEdkidNIxTdllPCWb6SuL5Hg8Jti8vWqitwLHvwFLOUp:kzWaQrJWKeX8iDid6TdUHnnv8
Score

10^/10

njrat 4월7일 evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat4월7일evasionpersistenceprivilege_escalationtrojan

behavioral2

njrat4월7일evasionpersistenceprivilege_escalationtrojan