njrat | 1eb4a597a32687b808a75a8350d967f471bc230c52a1ff3ffcab4ba6ecbc2076 | Triage

Sharing

General

Target

cheat.exe
Size

93KB
Sample

250122-3xwe9asjft
MD5

ed3d87642e5378a74c7235cc4b91abbe
SHA1

b93b96baa63d5bbdd92388c643c17cd292d8fc9c
SHA256

1eb4a597a32687b808a75a8350d967f471bc230c52a1ff3ffcab4ba6ecbc2076
SHA512

b3cfd60b378c204e44053169e42e600d86cddcf3498146b18316c21adeb7268e44693d2a87e5d2f9cacbf9b58a462b9f772734709a50ba5402d9ab3823388fb7
SSDEEP

768:fY3ddnD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3psGs:wdxOx6baIa9ROj00ljEwzGi1dD5DegS

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

97971fd1e2ee381e5b37d2f6863a113c

Attributes

reg_key
97971fd1e2ee381e5b37d2f6863a113c
splitter
|'|'|

Targets

- Target
  
  cheat.exe
- Size
  
  93KB
- MD5
  
  ed3d87642e5378a74c7235cc4b91abbe
- SHA1
  
  b93b96baa63d5bbdd92388c643c17cd292d8fc9c
- SHA256
  
  1eb4a597a32687b808a75a8350d967f471bc230c52a1ff3ffcab4ba6ecbc2076
- SHA512
  
  b3cfd60b378c204e44053169e42e600d86cddcf3498146b18316c21adeb7268e44693d2a87e5d2f9cacbf9b58a462b9f772734709a50ba5402d9ab3823388fb7
- SSDEEP
  
  768:fY3ddnD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3psGs:wdxOx6baIa9ROj00ljEwzGi1dD5DegS
Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation