njrat | 17ecfe8188074fedb16f3b5185ecb5af63ebff552a47c26544b52ed5e9ac7827 | Triage

Sharing

General

Target

JaffaCakes118_88a24d4f65891f29c3b494787d3e840d
Size

240KB
Sample

250108-dzc91sskht
MD5

88a24d4f65891f29c3b494787d3e840d
SHA1

ef4465bab7d07c5ff2ecc8597971d194ebe46b27
SHA256

17ecfe8188074fedb16f3b5185ecb5af63ebff552a47c26544b52ed5e9ac7827
SHA512

5e3179a5305762c67f6dbcfc2a0f264f8ff1c095bad8ca8490610113332212bca2b4118f5a35a1db909d5c8881e43efbb1f761115f66b209a73ebd30d02d894d
SSDEEP

3072:4meSGmFf5xcgKFrcT4MQ+AxrzexiRyVhGzWrp7zSXxTdllPCWb6SuL5Hg8Jti8v7:4+GmB7YFrSC3QsRyVhGzWrp7mhTdUHn

Score

10^/10

njrat 거래 evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

거래

C2

gpemtit123.kro.kr:1234

Mutex

b291ea2cd036a5d9e56147750b07fc8d

Attributes

reg_key
b291ea2cd036a5d9e56147750b07fc8d
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_88a24d4f65891f29c3b494787d3e840d
- Size
  
  240KB
- MD5
  
  88a24d4f65891f29c3b494787d3e840d
- SHA1
  
  ef4465bab7d07c5ff2ecc8597971d194ebe46b27
- SHA256
  
  17ecfe8188074fedb16f3b5185ecb5af63ebff552a47c26544b52ed5e9ac7827
- SHA512
  
  5e3179a5305762c67f6dbcfc2a0f264f8ff1c095bad8ca8490610113332212bca2b4118f5a35a1db909d5c8881e43efbb1f761115f66b209a73ebd30d02d894d
- SSDEEP
  
  3072:4meSGmFf5xcgKFrcT4MQ+AxrzexiRyVhGzWrp7zSXxTdllPCWb6SuL5Hg8Jti8v7:4+GmB7YFrSC3QsRyVhGzWrp7mhTdUHn
Score

10^/10

njrat 거래 evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat거래evasionpersistenceprivilege_escalationtrojan

behavioral2

njrat거래evasionpersistenceprivilege_escalationtrojan