njrat | 6b4bbd9dba223a17b7d2d4c89d086133c8e42645a206b5015d6c356e2ca3d9eb | Triage

Sharing

General

Target

6b4bbd9dba223a17b7d2d4c89d086133c8e42645a206b5015d6c356e2ca3d9eb.exe
Size

23KB
Sample

250108-c4nqwazrav
MD5

156ec3242167a8c0659217d126c618a1
SHA1

4d935dbe314aca4dbddfb4e1d051c467f7d69696
SHA256

6b4bbd9dba223a17b7d2d4c89d086133c8e42645a206b5015d6c356e2ca3d9eb
SHA512

042217a5793e67b029c6b5d5643f97ba63adfd960c4bdd27d6ce61fe6677c18aeda9a1e10a4af09aff6ceae0a093358b50226fff7ab4eeda0d44ed78b6215412
SSDEEP

384:QweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZtM:HLq411eRpcnut

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

nooneno.ddns.net:1177

Mutex

d2926e9813dec783a3281c2785e518c2

Attributes

reg_key
d2926e9813dec783a3281c2785e518c2
splitter
|'|'|

Targets

- Target
  
  6b4bbd9dba223a17b7d2d4c89d086133c8e42645a206b5015d6c356e2ca3d9eb.exe
- Size
  
  23KB
- MD5
  
  156ec3242167a8c0659217d126c618a1
- SHA1
  
  4d935dbe314aca4dbddfb4e1d051c467f7d69696
- SHA256
  
  6b4bbd9dba223a17b7d2d4c89d086133c8e42645a206b5015d6c356e2ca3d9eb
- SHA512
  
  042217a5793e67b029c6b5d5643f97ba63adfd960c4bdd27d6ce61fe6677c18aeda9a1e10a4af09aff6ceae0a093358b50226fff7ab4eeda0d44ed78b6215412
- SSDEEP
  
  384:QweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZtM:HLq411eRpcnut
Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan