njrat | d28868ae93453913bbe42e5e0f85cdaa719cb5b17cbbd3d60ccf5cd4f0359248 | Triage

Sharing

General

Target

d28868ae93453913bbe42e5e0f85cdaa719cb5b17cbbd3d60ccf5cd4f0359248.exe
Size

23KB
Sample

250205-d2s39ayndk
MD5

c5191fc05d651b37550acd825aa96122
SHA1

780785860d9120af618623b9f94ecb3f1afd143f
SHA256

d28868ae93453913bbe42e5e0f85cdaa719cb5b17cbbd3d60ccf5cd4f0359248
SHA512

61be5a053752c333b0f1a52b69d24477b055d0a0742a2ec4441e4ba918a527bea056cfe3ff76ac402a863b04655b7fd656c63fae95df8ee7f03630150f8ecbf8
SSDEEP

384:+Y324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZj145:hL2s+tRyRpcnup5

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

102.43.247.109:2525

Mutex

5db5b878fdb8adf72347d50abd574104

Attributes

reg_key
5db5b878fdb8adf72347d50abd574104
splitter
|'|'|

Targets

- Target
  
  d28868ae93453913bbe42e5e0f85cdaa719cb5b17cbbd3d60ccf5cd4f0359248.exe
- Size
  
  23KB
- MD5
  
  c5191fc05d651b37550acd825aa96122
- SHA1
  
  780785860d9120af618623b9f94ecb3f1afd143f
- SHA256
  
  d28868ae93453913bbe42e5e0f85cdaa719cb5b17cbbd3d60ccf5cd4f0359248
- SHA512
  
  61be5a053752c333b0f1a52b69d24477b055d0a0742a2ec4441e4ba918a527bea056cfe3ff76ac402a863b04655b7fd656c63fae95df8ee7f03630150f8ecbf8
- SSDEEP
  
  384:+Y324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZj145:hL2s+tRyRpcnup5
Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojan