njrat | 1608067bcfbc0d33c37ca63583e9cc3c45026d7c6077989740a5cfce9f9a6624 | Triage

Sharing

General

Target

250224-s84kwszry4_pw_infected.zip
Size

15KB
Sample

250224-wc2m7swls7
MD5

1f340537e0e959bae9e6dfdb08cb36a0
SHA1

7ac555fe39d328b7136a8f56eaaeb0ac8e1ab0b7
SHA256

1608067bcfbc0d33c37ca63583e9cc3c45026d7c6077989740a5cfce9f9a6624
SHA512

83305b19af9af4a2fdd6353eed9564a8b64788f21569de3798cc7090141c3f7bf672252cd3c00e718370e1ab7206df262dfa44229d671dfca031664e1ea42009
SSDEEP

192:0ym4l0ZNc/Tmij4UZ0yeGwS5UHgyVkkuCJAGdFASllGrwl0JJHu1xxfFd1AqFeTE:DmZNgTCye65JXbWFiG0JcDFzBzkoV

Score

10^/10

njrat mybot defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

127.0.0.1:6522

Mutex

60c28f2ec9c1d3d7f391e11534af955e

Attributes

reg_key
60c28f2ec9c1d3d7f391e11534af955e
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Client.exe
- Size
  
  31KB
- MD5
  
  c1e1a897a37cba513dc9dfddedbcde38
- SHA1
  
  374066888f20838dc30e66b2c096e79b80fa69ab
- SHA256
  
  d696e8d25a81c50c80c1ecf6e771aa6f611ab06fbab8361b93b042b21a74569a
- SHA512
  
  91077e9239ef5827669b4bd3355c80fd980920ea59cbbd335b4eba3d853c0c339e362a8875f17b953e3d2de17f144d9526a9392a47e8a3ca1bc04adb7f31d220
- SSDEEP
  
  768:zFM5TP1/plIzxTCfVYAvN1Zvy/QmIDUu0tiUVj:Ob1ay/YQVkJj
Score

10^/10

njrat defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojan