njrat | 295161e1ff28aa0d998a9ce2f130229503a321cc8cdeff9d5cb11d81aebbff55 | Triage

Sharing

General

Target

JaffaCakes118_b914da0547b22709f5805917f2ff682a
Size

125KB
Sample

250105-x2a28atkez
MD5

b914da0547b22709f5805917f2ff682a
SHA1

2234e7d5bb9aa0ca0930e28ed0f9069ae5e392cd
SHA256

295161e1ff28aa0d998a9ce2f130229503a321cc8cdeff9d5cb11d81aebbff55
SHA512

31cd39c87440b580fb4f2ca036afe40f09498d405036b76ac34d32529f50944ce12f192ec7eaf00dc58e42ff23f40bb00cd4852664014e6f89405cd56bc3e16f
SSDEEP

3072:4FQHEzBdz35ufoEX9nsOSVifwB/nW9TU4GXiV:4FQHSBdzJsdXeE4NWg2

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_b914da0547b22709f5805917f2ff682a
- Size
  
  125KB
- MD5
  
  b914da0547b22709f5805917f2ff682a
- SHA1
  
  2234e7d5bb9aa0ca0930e28ed0f9069ae5e392cd
- SHA256
  
  295161e1ff28aa0d998a9ce2f130229503a321cc8cdeff9d5cb11d81aebbff55
- SHA512
  
  31cd39c87440b580fb4f2ca036afe40f09498d405036b76ac34d32529f50944ce12f192ec7eaf00dc58e42ff23f40bb00cd4852664014e6f89405cd56bc3e16f
- SSDEEP
  
  3072:4FQHEzBdz35ufoEX9nsOSVifwB/nW9TU4GXiV:4FQHSBdzJsdXeE4NWg2
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan