njrat | ded5e539288407fae0911f07f99a67e399d22d2b725e46954a2866a04c2e29fa | Triage

Sharing

General

Target

ded5e539288407fae0911f07f99a67e399d22d2b725e46954a2866a04c2e29faN.exe
Size

23KB
Sample

250122-lgvekszkdz
MD5

d5d57d97966079bf971581ab9f6b93c0
SHA1

269bb64f8dca565e03367d0dfe9d41a7c778c2a4
SHA256

ded5e539288407fae0911f07f99a67e399d22d2b725e46954a2866a04c2e29fa
SHA512

a1b7170a762f67f311c0928016a7c04fe045eafa449784769c6b76815221e07963291126e4e8602353c867c04336c2aeda21679978efcd2c112b27b19bf930e0
SSDEEP

384:NqMKyOkBkRbohza8yuTUt7u06zgV4a5pzomRvR6JZlbw8hqIusZzZ7u:n/YI1T0RpcnuF

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.1.102:963

Mutex

7dc3d936b225d2346adcbb7553bba490

Attributes

reg_key
7dc3d936b225d2346adcbb7553bba490
splitter
|'|'|

Targets

- Target
  
  ded5e539288407fae0911f07f99a67e399d22d2b725e46954a2866a04c2e29faN.exe
- Size
  
  23KB
- MD5
  
  d5d57d97966079bf971581ab9f6b93c0
- SHA1
  
  269bb64f8dca565e03367d0dfe9d41a7c778c2a4
- SHA256
  
  ded5e539288407fae0911f07f99a67e399d22d2b725e46954a2866a04c2e29fa
- SHA512
  
  a1b7170a762f67f311c0928016a7c04fe045eafa449784769c6b76815221e07963291126e4e8602353c867c04336c2aeda21679978efcd2c112b27b19bf930e0
- SSDEEP
  
  384:NqMKyOkBkRbohza8yuTUt7u06zgV4a5pzomRvR6JZlbw8hqIusZzZ7u:n/YI1T0RpcnuF
Score

10^/10

njrat defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojan