njrat | 005fed6033a7f77a9b7b236ce0509be44215c6bd25d7fae2e54c805f98f6ab2d | Triage

Sharing

General

Target

005fed6033a7f77a9b7b236ce0509be44215c6bd25d7fae2e54c805f98f6ab2d.exe
Size

863KB
Sample

250208-abkgmswjer
MD5

af070137205d4c3cdb7d04e6ad091526
SHA1

4f98682f27efd1234df058df3894190e7faab7ad
SHA256

005fed6033a7f77a9b7b236ce0509be44215c6bd25d7fae2e54c805f98f6ab2d
SHA512

2b0a82dd53783b880d029d25295ec41c88f47af04addeac0216c8cf20ae5bf0f1cc443bd8a5c04f07f19212d7f01374d15db5a72a188102edf13887fdb4babc9
SSDEEP

12288:W4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydEIJnJWUgav7RyFq9MmCSW:W4lavt0LkLL9IMixoEgeajRyFq9MmCSW

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

279f6960ed84a752570aca7fb2dc1552

Attributes

reg_key
279f6960ed84a752570aca7fb2dc1552
splitter
|'|'|

Targets

- Target
  
  005fed6033a7f77a9b7b236ce0509be44215c6bd25d7fae2e54c805f98f6ab2d.exe
- Size
  
  863KB
- MD5
  
  af070137205d4c3cdb7d04e6ad091526
- SHA1
  
  4f98682f27efd1234df058df3894190e7faab7ad
- SHA256
  
  005fed6033a7f77a9b7b236ce0509be44215c6bd25d7fae2e54c805f98f6ab2d
- SHA512
  
  2b0a82dd53783b880d029d25295ec41c88f47af04addeac0216c8cf20ae5bf0f1cc443bd8a5c04f07f19212d7f01374d15db5a72a188102edf13887fdb4babc9
- SSDEEP
  
  12288:W4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydEIJnJWUgav7RyFq9MmCSW:W4lavt0LkLL9IMixoEgeajRyFq9MmCSW
Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- UAC bypass
  defense_evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojan