njrat | efd485fb1bb495564cbaba67e413fb288abdd5dd5309c71b89607db28b0e3682 | Triage

Sharing

General

Target

NjRat.0.7D.exe
Size

31KB
Sample

250123-gqb75swjgw
MD5

f875e445ea6997f53ccea541f4a1b933
SHA1

3a11a15bf03b5bf8952ece2d02607ee29b551db4
SHA256

efd485fb1bb495564cbaba67e413fb288abdd5dd5309c71b89607db28b0e3682
SHA512

8ded6ab74bf370d656cf6a5725a97c23f30e783c222cd5dd7189050d0ae9f6e92cf2611bee1e63336cda96874a48802d8d3d5855843f329cde7f69da4a2a0974
SSDEEP

768:WnCfqdzNB0zx/6LmzmnAXdvAFQmIDUu0tiYbj:X6KjpAQVkvj

Score

10^/10

njrat mybot defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

7.tcp.eu.ngrok.io:19931

Mutex

b9cb5683b4d6c647e4bd6dd4ddfd092f

Attributes

reg_key
b9cb5683b4d6c647e4bd6dd4ddfd092f
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  NjRat.0.7D.exe
- Size
  
  31KB
- MD5
  
  f875e445ea6997f53ccea541f4a1b933
- SHA1
  
  3a11a15bf03b5bf8952ece2d02607ee29b551db4
- SHA256
  
  efd485fb1bb495564cbaba67e413fb288abdd5dd5309c71b89607db28b0e3682
- SHA512
  
  8ded6ab74bf370d656cf6a5725a97c23f30e783c222cd5dd7189050d0ae9f6e92cf2611bee1e63336cda96874a48802d8d3d5855843f329cde7f69da4a2a0974
- SSDEEP
  
  768:WnCfqdzNB0zx/6LmzmnAXdvAFQmIDUu0tiYbj:X6KjpAQVkvj
Score

10^/10

njrat mybot defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratmybotdefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojan