njrat | 180ea288b1a0ff8c3e553fabe891c28ac7eed40a05525920532a75d4fdba3002 | Triage

Sharing

General

Target

JaffaCakes118_4008e7cfef6a3966ae92a300914e9066
Size

33KB
Sample

250106-27b9paslbv
MD5

4008e7cfef6a3966ae92a300914e9066
SHA1

2cd1dc5af0e4da7863d5824368dfaeb12ea78537
SHA256

180ea288b1a0ff8c3e553fabe891c28ac7eed40a05525920532a75d4fdba3002
SHA512

1dbf1a8ec44d1018c2f13c6b20bf24f79640474ba50d629d3c647cb6b74bd8de440b3cc344c9bc4a1a41ed7431ee430842097c1ccbe1e57c2b9d43cb9e33efb6
SSDEEP

768:VvTxsrbTI3IOTTSylBJ4HjQ9lNaWM4trptIqLdDT:tUb7cBJ4DsaW5jtIm

Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

rxlwee.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_4008e7cfef6a3966ae92a300914e9066
- Size
  
  33KB
- MD5
  
  4008e7cfef6a3966ae92a300914e9066
- SHA1
  
  2cd1dc5af0e4da7863d5824368dfaeb12ea78537
- SHA256
  
  180ea288b1a0ff8c3e553fabe891c28ac7eed40a05525920532a75d4fdba3002
- SHA512
  
  1dbf1a8ec44d1018c2f13c6b20bf24f79640474ba50d629d3c647cb6b74bd8de440b3cc344c9bc4a1a41ed7431ee430842097c1ccbe1e57c2b9d43cb9e33efb6
- SSDEEP
  
  768:VvTxsrbTI3IOTTSylBJ4HjQ9lNaWM4trptIqLdDT:tUb7cBJ4DsaW5jtIm
Score

10^/10

njrat hacked evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked evasionpersistenceprivilege_escalationtrojan

behavioral2

njrathacked evasionpersistenceprivilege_escalationtrojan