njrat | a6a6cad52f790838dca0f625f830a8529d26481f47cd4ea9273361ee246ae879 | Triage

Sharing

General

Target

a6a6cad52f790838dca0f625f830a8529d26481f47cd4ea9273361ee246ae879.exe
Size

201KB
Sample

250107-klhqxatjg1
MD5

9f1255300e275f25013d90993b4e326a
SHA1

b2cf1e825fecab4b44a2bb21256d25229e459732
SHA256

a6a6cad52f790838dca0f625f830a8529d26481f47cd4ea9273361ee246ae879
SHA512

ea8502c08d2f06e828e401bfcee1702244a6594eadf95d159d5af9280a40c1adb0fd019f15aeb864538691247c6df5e11dd5ce86bafef5dd49f2f2eacac9a99e
SSDEEP

6144:o4DpCY2GhN5TMQEZckZOWf/XEX1Bl+DT6:oK2iNmQEdZOWf/cbl+v6

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  a6a6cad52f790838dca0f625f830a8529d26481f47cd4ea9273361ee246ae879.exe
- Size
  
  201KB
- MD5
  
  9f1255300e275f25013d90993b4e326a
- SHA1
  
  b2cf1e825fecab4b44a2bb21256d25229e459732
- SHA256
  
  a6a6cad52f790838dca0f625f830a8529d26481f47cd4ea9273361ee246ae879
- SHA512
  
  ea8502c08d2f06e828e401bfcee1702244a6594eadf95d159d5af9280a40c1adb0fd019f15aeb864538691247c6df5e11dd5ce86bafef5dd49f2f2eacac9a99e
- SSDEEP
  
  6144:o4DpCY2GhN5TMQEZckZOWf/XEX1Bl+DT6:oK2iNmQEdZOWf/cbl+v6
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan