njrat | 4424007959b17acbbc6899984ac379acfd778ab4bfd5d3237eef1ed493500cc5 | Triage

Sharing

General

Target

4424007959b17acbbc6899984ac379acfd778ab4bfd5d3237eef1ed493500cc5.exe
Size

37KB
Sample

250124-plpxfazlar
MD5

2932f7a56fce9ae83b2984f787ed0dc9
SHA1

5482a21a86c1222a7cd7a8bf7526f46b1201658a
SHA256

4424007959b17acbbc6899984ac379acfd778ab4bfd5d3237eef1ed493500cc5
SHA512

477c21cb5bfb3cdd56405b925710e253df7979825f4825cff94d8274c4441cd7477441ab8f541d0f96e05fff55a77b2c5abc5928c6aede8e06ef12b98d6324af
SSDEEP

384:hEigUiDrblmJEpRGyEfdDPTuWCYqAEkJhrAF+rMRTyN/0L+EcoinblneHQM3epzK:GiyHpR9EfdDCWClALhrM+rMRa8NuMRtr

Score

10^/10

njrat csrs defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

csrs

C2

veronicafola.ddns.net:1177

Mutex

6ba8ee6e8614f76eb58d1f68854d467b

Attributes

reg_key
6ba8ee6e8614f76eb58d1f68854d467b
splitter
|'|'|

Targets

- Target
  
  4424007959b17acbbc6899984ac379acfd778ab4bfd5d3237eef1ed493500cc5.exe
- Size
  
  37KB
- MD5
  
  2932f7a56fce9ae83b2984f787ed0dc9
- SHA1
  
  5482a21a86c1222a7cd7a8bf7526f46b1201658a
- SHA256
  
  4424007959b17acbbc6899984ac379acfd778ab4bfd5d3237eef1ed493500cc5
- SHA512
  
  477c21cb5bfb3cdd56405b925710e253df7979825f4825cff94d8274c4441cd7477441ab8f541d0f96e05fff55a77b2c5abc5928c6aede8e06ef12b98d6324af
- SSDEEP
  
  384:hEigUiDrblmJEpRGyEfdDPTuWCYqAEkJhrAF+rMRTyN/0L+EcoinblneHQM3epzK:GiyHpR9EfdDCWClALhrM+rMRa8NuMRtr
Score

10^/10

njrat csrs defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratcsrsdefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2