njrat | 9d520c7da61215db90f25785cdd81733878507a8c7cdce7de8f2054e6702df58 | Triage

Sharing

General

Target

9d520c7da61215db90f25785cdd81733878507a8c7cdce7de8f2054e6702df58N.exe
Size

201KB
Sample

250107-zxal1aylfv
MD5

7855fb138912d913cbd57fb57bb081b0
SHA1

91b008e69e641632e337ed35dda884db11333dc1
SHA256

9d520c7da61215db90f25785cdd81733878507a8c7cdce7de8f2054e6702df58
SHA512

05cde06159e15f13aafae3ce206c9152cac300e07b8581c2606ecbf68c999105f98db16494926ee644361fb41a587a3e9b820fd68f7542e0dc4b932da2c9c321
SSDEEP

6144:o4DpCY2GhN5TMQEZckZOWf/XEX1Bl+DT:oK2iNmQEdZOWf/cbl+v

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  9d520c7da61215db90f25785cdd81733878507a8c7cdce7de8f2054e6702df58N.exe
- Size
  
  201KB
- MD5
  
  7855fb138912d913cbd57fb57bb081b0
- SHA1
  
  91b008e69e641632e337ed35dda884db11333dc1
- SHA256
  
  9d520c7da61215db90f25785cdd81733878507a8c7cdce7de8f2054e6702df58
- SHA512
  
  05cde06159e15f13aafae3ce206c9152cac300e07b8581c2606ecbf68c999105f98db16494926ee644361fb41a587a3e9b820fd68f7542e0dc4b932da2c9c321
- SSDEEP
  
  6144:o4DpCY2GhN5TMQEZckZOWf/XEX1Bl+DT:oK2iNmQEdZOWf/cbl+v
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan