njrat | 39139b54fe592f3b4de0a145e130d9cc4043c8aa9a0a6fb0f371a86f12fd5c77 | Triage

Sharing

General

Target

Easy Binder.exe
Size

1.2MB
Sample

250120-29zsrsvjbj
MD5

03f92b06f2582eecb2243946f1d03908
SHA1

93bc566e3d9c8f50807a110449e925f373452b91
SHA256

39139b54fe592f3b4de0a145e130d9cc4043c8aa9a0a6fb0f371a86f12fd5c77
SHA512

eb85c272afceb83d1131716f8ebc9fe9ca701651be27be7d0a8eae6245f582f340c9fbc05882f663bc605793d86c84e9471e933afc3c76e5b8e7862457c4e9e9
SSDEEP

24576:yB3bYnGKzir+ldqvxmlvSFaGV4JmnLS229XPlIUrQIGPk8Puynyme:y5Xgir+nqnMMCpXP5r5GwQM

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

med0812929.ddns.net:1178

Mutex

89e086f942ae601d295e8222861db4bd

Attributes

reg_key
89e086f942ae601d295e8222861db4bd
splitter
|'|'|

Targets

- Target
  
  Easy Binder.exe
- Size
  
  1.2MB
- MD5
  
  03f92b06f2582eecb2243946f1d03908
- SHA1
  
  93bc566e3d9c8f50807a110449e925f373452b91
- SHA256
  
  39139b54fe592f3b4de0a145e130d9cc4043c8aa9a0a6fb0f371a86f12fd5c77
- SHA512
  
  eb85c272afceb83d1131716f8ebc9fe9ca701651be27be7d0a8eae6245f582f340c9fbc05882f663bc605793d86c84e9471e933afc3c76e5b8e7862457c4e9e9
- SSDEEP
  
  24576:yB3bYnGKzir+ldqvxmlvSFaGV4JmnLS229XPlIUrQIGPk8Puynyme:y5Xgir+nqnMMCpXP5r5GwQM
Score

10^/10

njrat hacked defense_evasion discovery trojan persistence privilege_escalation
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoverytrojan

behavioral2

njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan