njrat | 68c902097fafe0f8b5909e267d1fe6912e943b07f7e9a96030de32da676635eb | Triage

Sharing

General

Target

faas.ps1
Size

125KB
Sample

250109-2mj4ssvrfl
MD5

d8c72c294f72a8b7541b91ed18cbe16c
SHA1

86e589115fcb800714350458674f06032a8c0ed7
SHA256

68c902097fafe0f8b5909e267d1fe6912e943b07f7e9a96030de32da676635eb
SHA512

0795004a0814dcfca238005dafc1e240b2ceca0b13909176f0721fbed8a54b0e2a527f33b2d3e94917a1b68f1302d35a092c00b5dc726dbf6a9fbc4d9732c1df
SSDEEP

3072:W1FulgDUujHZ9WOASQ87jX9a7nvDNCvJZSHDmhKvrQxa0:mF1UKrWOAsj0vDNCvvWsKzQx3

Score

10^/10

njrat hacked discovery evasion execution persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:4444

Mutex

51820cb0a31bd77e1a3fe5a2fd3b47f2

Attributes

reg_key
51820cb0a31bd77e1a3fe5a2fd3b47f2
splitter
|'|'|

Targets

- Target
  
  faas.ps1
- Size
  
  125KB
- MD5
  
  d8c72c294f72a8b7541b91ed18cbe16c
- SHA1
  
  86e589115fcb800714350458674f06032a8c0ed7
- SHA256
  
  68c902097fafe0f8b5909e267d1fe6912e943b07f7e9a96030de32da676635eb
- SHA512
  
  0795004a0814dcfca238005dafc1e240b2ceca0b13909176f0721fbed8a54b0e2a527f33b2d3e94917a1b68f1302d35a092c00b5dc726dbf6a9fbc4d9732c1df
- SSDEEP
  
  3072:W1FulgDUujHZ9WOASQ87jX9a7nvDNCvJZSHDmhKvrQxa0:mF1UKrWOAsj0vDNCvvWsKzQx3
Score

10^/10

discovery evasion execution persistence privilege_escalation njrat hacked trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionpersistenceprivilege_escalation

behavioral2

njrathackeddiscoveryevasionexecutionpersistenceprivilege_escalationtrojan