Overview

overview

10

Static

static

3

RootRAT.rar

windows7-x64

10

RootRAT.rar

windows10-2004-x64

8

RootRAT/Pl...am.dll

windows7-x64

3

RootRAT/Pl...am.dll

windows10-2004-x64

8

RootRAT/Plugin/ch.dll

windows7-x64

1

RootRAT/Plugin/ch.dll

windows10-2004-x64

8

RootRAT/Pl...ic.dll

windows7-x64

1

RootRAT/Pl...ic.dll

windows10-2004-x64

8

RootRAT/Pl...lg.dll

windows7-x64

3

RootRAT/Pl...lg.dll

windows10-2004-x64

8

RootRAT/Plugin/pw.dll

windows7-x64

3

RootRAT/Plugin/pw.dll

windows10-2004-x64

8

RootRAT/Pl...c2.dll

windows7-x64

1

RootRAT/Pl...c2.dll

windows10-2004-x64

8

RootRAT/Stub.ps1

windows7-x64

3

RootRAT/Stub.ps1

windows10-2004-x64

8

RootRAT/WinMM.Net.dll

windows7-x64

1

RootRAT/WinMM.Net.dll

windows10-2004-x64

8

RootRAT/nj...og.rtf

windows7-x64

4

RootRAT/nj...og.rtf

windows10-2004-x64

8

Resubmissions

14-02-2025 19:38

250214-ycpdzsxmck 10

14-02-2025 19:38

250214-ycd81sxqav 8

14-02-2025 19:35

250214-yanpnsxlhn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RootRAT.rar

  • Size

    8.7MB

  • Sample

    250214-yanpnsxlhn

  • MD5

    3001959ffa3eb5d7a2137ed8c6742220

  • SHA1

    fcf3527d9acb615d87d7f755775c9a11ea5856c9

  • SHA256

    ee21f7603068571e079668c4db4fc4b71e52e4056de57475a4de0e9a69dc1c39

  • SHA512

    3880eab40cb28c64591d57989fa09bb112416031b3fb39c8bf71429efdd4ceb9b91a7cf18d4aff5a6e53bd1d70c6483b2680a33496fbc416316379e478689eb1

  • SSDEEP

    196608:u3zbdzrRceeFK4JJU5KUhAu/aF6EfGcTwZJThYjBOKvjXi5GTYSyKirX:udrCrK7KUhA0VcTeTuXW5GcS6

Score
10/10
njrathackeddefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

8988c269b68aec59915e8fac0e1480d5

Attributes
  • reg_key

    8988c269b68aec59915e8fac0e1480d5

  • splitter

    |'|'|

Targets

    • Target

      RootRAT.rar

    • Size

      8.7MB

    • MD5

      3001959ffa3eb5d7a2137ed8c6742220

    • SHA1

      fcf3527d9acb615d87d7f755775c9a11ea5856c9

    • SHA256

      ee21f7603068571e079668c4db4fc4b71e52e4056de57475a4de0e9a69dc1c39

    • SHA512

      3880eab40cb28c64591d57989fa09bb112416031b3fb39c8bf71429efdd4ceb9b91a7cf18d4aff5a6e53bd1d70c6483b2680a33496fbc416316379e478689eb1

    • SSDEEP

      196608:u3zbdzrRceeFK4JJU5KUhAu/aF6EfGcTwZJThYjBOKvjXi5GTYSyKirX:udrCrK7KUhA0VcTeTuXW5GcS6

    Score
    10/10
    njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      defense_evasion

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      RootRAT/Plugin/cam.dll

    • Size

      63KB

    • MD5

      a73edb60b80a2dfa86735d821bea7b19

    • SHA1

      f39a54d7bc25425578a2b800033e4508714a73ed

    • SHA256

      7a4977b024d048b71bcc8f1cc65fb06e4353821323f852dc6740b79b9ab75c98

    • SHA512

      283e9206d0b56c1f8b0741375ccd0a184410cf89f5f42dfe91e7438c5fd0ac7fa4afbb84b8b7ea448b3093397552fd3731b9be74c67b846d946da486dcf0df68

    • SSDEEP

      1536:7EoML5LFXbUu5ExN3hep+cx4sKcuxpSe:7ERZxQxep+cx5Kcu3

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral3behavioral4

    • Target

      RootRAT/Plugin/ch.dll

    • Size

      12KB

    • MD5

      e747fa3339c1f138b6bfce707b541d03

    • SHA1

      b95c54fbd6eb20ba4b4e69736b574baa2699ab8e

    • SHA256

      6e31148cc1b3235b71731c3944a7b06f861e104e978708d12c695ec09b5b3760

    • SHA512

      b970c3e8bf6a2e3ae920bc8bd014edb86ca92c85a2bccff732c7e5eb2f81ffbd902a34a0a68bd51545954b5f4d6dd1bb84b5c005868c0659717eba2892a67355

    • SSDEEP

      192:pc/uGfMx2+zkUakpBZHrPzYuPYrDq+PzDuGRDAVEBP6jUvsB3npn3mNFcTf:wuGk2oakpBZHrPzYuPYrW+bDPRDiEBPE

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral5behavioral6

    • Target

      RootRAT/Plugin/mic.dll

    • Size

      50KB

    • MD5

      d4c5ddc00f27162fc0947830e0e762b7

    • SHA1

      7769be616d752e95d80e167f2ef4cc6b8c3c21fe

    • SHA256

      b6fb6b66821e70a27a4750b0cd0393e4ee2603a47feac48d6a3d66d1c1cb56d5

    • SHA512

      9555f800213f2f4a857b4558aa4d030edf41485b8366812d5a6b9adcc77fc21584e30d2dd9ce515846f3a809c85038958cb8174bf362cf6fed97ca99a826e379

    • SSDEEP

      1536:YmXfC5RemUFTxqPbSiQZrCF1HzGL17d8:YmXfCgFTxq+iQZrGTGL17d8

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral7behavioral8

    • Target

      RootRAT/Plugin/plg.dll

    • Size

      28KB

    • MD5

      0cbc2d9703feead9783439e551c2b673

    • SHA1

      4f8f4addd6f9e60598a7f4a191a89a52201394a8

    • SHA256

      ea9ecf8723788feef6492bf938cdfab1266a1558dffe75e1f78a998320f96e39

    • SHA512

      06f55b542000e23f5eeba45ea5ff9ffaddddd102935e039e4496af5e5083f257129dab2f346eeae4ee864f54db57d3c73cf6ed1d3568087411203769cf0ddd66

    • SSDEEP

      384:iLa+IgaVdBJfFfZsDNujglHdUky5P6bL2XIadYweVqJE+La7gmlweR9Oq7Bp2RhG:8ZIgYdbfAhdGJ6bL6YT2fO9vca2kSs

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral10behavioral9

    • Target

      RootRAT/Plugin/pw.dll

    • Size

      251KB

    • MD5

      872401528fc94c90f3de6658e776cc36

    • SHA1

      c58e22158774d16831350de79eb4e1711379e8a6

    • SHA256

      3a1cc072effd8c38406a6fddf4d8f49c5366bb0e32071311d90db669940987ce

    • SHA512

      6da881fb968ba9d9200777a9f19d69220468482f3eaaf687c433790d512da520f5adb23441fdc8f3fd10785918eb2864ea3ef32ddb80d2f6665550ea455f4a2f

    • SSDEEP

      6144:/e31bXJVFJmShoCKFdZ3aDGjXsCUjguhyUOMO1:WxJ/JmSG9T8CEgdM

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral11behavioral12

    • Target

      RootRAT/Plugin/sc2.dll

    • Size

      12KB

    • MD5

      19967e886edcd2f22f8d4a58c8ea3773

    • SHA1

      bf6e0e908eaad659fdd32572e9d73c5476ca26ec

    • SHA256

      3e5141c75b7746c0eb2b332082a165deacb943cef26bd84668e6b79b47bdfd93

    • SHA512

      d471df3f0d69909e8ef9f947da62c77c3ff1eb97ac1dd53a74ad09fb4d74ec26c3c22facc18ec04f26df3b85b0c70863119f5baa090b110ab25383fcdb4e9d6e

    • SSDEEP

      192:3SDU/WQw9hM/BIlbzMmY3CX80B2/mZLks4LX08Lt6dD5DHqKlZTFzfpni48nafL8:3SDOOMJIpIm8/IQs4z08IdD5DvZTFTpM

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral13behavioral14

    • Target

      RootRAT/Stub.il

    • Size

      228KB

    • MD5

      2041e64bffccfbc9379235fdf294f188

    • SHA1

      19c1fd78e8f36493e2a9b1c0e437afc2416586f8

    • SHA256

      daa4362a762a472f717a480102883382b41dc5c17484f649272c5bdb5142917c

    • SHA512

      c5d5be4615767483432287d3486e805d6744d45a5eac6445cef87ce1e8475bcdbb521dcd8d1c7918d8d73d6634617842b67290bc4fb734a4ab31dfe7daaaec13

    • SSDEEP

      6144:AdCb38V4N80EC7PAdpJZrLZ9u4zDdyxGu8VnNQUC:AdCb38V4N80EC7PAdzZrLZ9u4zDdyxGG

    Score
    8/10
    executiondiscovery

    • Downloads MZ/PE file

    behavioral15behavioral16

    • Target

      RootRAT/WinMM.Net.dll

    • Size

      43KB

    • MD5

      d4b80052c7b4093e10ce1f40ce74f707

    • SHA1

      2494a38f1c0d3a0aa9b31cf0650337cacc655697

    • SHA256

      59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46

    • SHA512

      3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450

    • SSDEEP

      768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral17behavioral18

    • Target

      RootRAT/nj_users/WINDOWS7_X64_Bilal Khan_B24AD1B6/Keylog.rtf

    • Size

      179B

    • MD5

      ed0018366207e1ccd3a46ccb37b6c2e4

    • SHA1

      be32281c8020079a9ae1d186a54ba31babb199f5

    • SHA256

      b1dd4fd8cdd2e913619884e6fa665afcebf917794e30e41cd756f6c514e306b6

    • SHA512

      bd866b54e2cf3a59858e76b001055c0edceffebc2d06e8f08cc1f34efd70928380d78821220e336c1af0dac7d8ad339962c2062c629bb89121543b631675bc09

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks