njrat | 0f722c0c9b8b16575fa0a7d5ffc67cc59a07be308669599933c8362d1aca0cee | Triage

Sharing

General

Target

0f722c0c9b8b16575fa0a7d5ffc67cc59a07be308669599933c8362d1aca0cee
Size

188KB
Sample

250302-yhmgkssrw6
MD5

7bf85fb4ca2890cbec29eece00ab4dd3
SHA1

98322559eadf493625ecb1c45ee2f88496f3dbcb
SHA256

0f722c0c9b8b16575fa0a7d5ffc67cc59a07be308669599933c8362d1aca0cee
SHA512

3ca80df3013ba8eceb60f1e6b70bbcf9a3261652da52b5bc2cfc9248f8ce991a79b9979cf3e050a150fe8e93b3add25ee657eea8c1e5f43658f4ba5e9036b0ad
SSDEEP

3072:BSFKNYHiDg+NwA8eobw9XyPekpL6qwFqkBNjyERBdxD3I:lNgiyAd9XMtxwFqkLjM

Score

10^/10

njrat hacked defense_evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

bossik.ddns.net:777

Mutex

5189075cbe03b536e4350cfebaeca464

Attributes

reg_key
5189075cbe03b536e4350cfebaeca464
splitter
|'|'|

Targets

- Target
  
  0f722c0c9b8b16575fa0a7d5ffc67cc59a07be308669599933c8362d1aca0cee
- Size
  
  188KB
- MD5
  
  7bf85fb4ca2890cbec29eece00ab4dd3
- SHA1
  
  98322559eadf493625ecb1c45ee2f88496f3dbcb
- SHA256
  
  0f722c0c9b8b16575fa0a7d5ffc67cc59a07be308669599933c8362d1aca0cee
- SHA512
  
  3ca80df3013ba8eceb60f1e6b70bbcf9a3261652da52b5bc2cfc9248f8ce991a79b9979cf3e050a150fe8e93b3add25ee657eea8c1e5f43658f4ba5e9036b0ad
- SSDEEP
  
  3072:BSFKNYHiDg+NwA8eobw9XyPekpL6qwFqkBNjyERBdxD3I:lNgiyAd9XMtxwFqkLjM
Score

10^/10

njrat hacked defense_evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasionpersistenceprivilege_escalationtrojan

behavioral2

njrathackeddefense_evasionpersistenceprivilege_escalationtrojan