njrat | 9d5e81d3d165035999f9c33f5f379acbc4c4e8cfafa2ecef9763f60e94984587 | Triage

Sharing

General

Target

WindowsServices.exe
Size

48KB
Sample

250304-dr2yeaxzew
MD5

746788dfe51900ef82589acdb5b5ea38
SHA1

c992050d27f7d44d11bf0af36ae0364555e8ef9b
SHA256

9d5e81d3d165035999f9c33f5f379acbc4c4e8cfafa2ecef9763f60e94984587
SHA512

d24556e175ab630834db1656372aaa9724d9f78686bc55e909155ce933e4c9ab22188d24842a41be7b84fc483c6781cb9c7017e1acfeea6bf8b558260b6bfe07
SSDEEP

768:DzbDJdHBPC9nb1SpBuBXU1Lf8yKs590TRXZ66QDY/X9u0hcbXlyU:nPJdHBPQnb1SgCLf8yKfKY/Xg8cbXly

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Botnet

HacKed

Mutex

53$79$73$74$65$6d$33$32

Attributes

reg_key
53$79$73$74$65$6d$33$32
splitter
|-F-|

Targets

- Target
  
  WindowsServices.exe
- Size
  
  48KB
- MD5
  
  746788dfe51900ef82589acdb5b5ea38
- SHA1
  
  c992050d27f7d44d11bf0af36ae0364555e8ef9b
- SHA256
  
  9d5e81d3d165035999f9c33f5f379acbc4c4e8cfafa2ecef9763f60e94984587
- SHA512
  
  d24556e175ab630834db1656372aaa9724d9f78686bc55e909155ce933e4c9ab22188d24842a41be7b84fc483c6781cb9c7017e1acfeea6bf8b558260b6bfe07
- SSDEEP
  
  768:DzbDJdHBPC9nb1SpBuBXU1Lf8yKs590TRXZ66QDY/X9u0hcbXlyU:nPJdHBPQnb1SgCLf8yKfKY/Xg8cbXly
Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation