njrat | 23d0adb6665c8d31b2f2f646aec6ff3507eeab0683e963ddf5e3bce40b9593f9 | Triage

Sharing

General

Target

23d0adb6665c8d31b2f2f646aec6ff3507eeab0683e963ddf5e3bce40b9593f9.exe
Size

237KB
Sample

250201-2tj3datpct
MD5

ad1227c52b7d062fa428778f60188be4
SHA1

ffa2bbbbab19fb7a28ccbfc8e96b0c94c85b0df8
SHA256

23d0adb6665c8d31b2f2f646aec6ff3507eeab0683e963ddf5e3bce40b9593f9
SHA512

d2d8188f451d645d0283e8938e5063f1e5ff22c6af550f003382ae33f63513062fafb4622a60e98f9fd1bdc00a484024888846e71392447bf4c2811e2a7079bb
SSDEEP

3072:F/ItRZp06PJHbIxs+VGSYzlg+lAMSpBV4W/E+z1IQwqznHpYQ5czMWDBoWkb7RKI:zs+V7s6+l+yWD+QwqzHqQk27PJES

Score

10^/10

njrat hacked defense_evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

payment-rivers.gl.at.ply.gg:15267

Mutex

392725c4d836f07a62148783f8b913f2

Attributes

reg_key
392725c4d836f07a62148783f8b913f2
splitter
|'|'|

Targets

- Target
  
  23d0adb6665c8d31b2f2f646aec6ff3507eeab0683e963ddf5e3bce40b9593f9.exe
- Size
  
  237KB
- MD5
  
  ad1227c52b7d062fa428778f60188be4
- SHA1
  
  ffa2bbbbab19fb7a28ccbfc8e96b0c94c85b0df8
- SHA256
  
  23d0adb6665c8d31b2f2f646aec6ff3507eeab0683e963ddf5e3bce40b9593f9
- SHA512
  
  d2d8188f451d645d0283e8938e5063f1e5ff22c6af550f003382ae33f63513062fafb4622a60e98f9fd1bdc00a484024888846e71392447bf4c2811e2a7079bb
- SSDEEP
  
  3072:F/ItRZp06PJHbIxs+VGSYzlg+lAMSpBV4W/E+z1IQwqznHpYQ5czMWDBoWkb7RKI:zs+V7s6+l+yWD+QwqzHqQk27PJES
Score

10^/10

njrat hacked defense_evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddefense_evasionpersistenceprivilege_escalationtrojan