njrat | d828ac3838adb83bc002dfbd5d4fcefa0d0b4c54dd7cb8c523564efb617c7166 | Triage

Sharing

General

Target

d828ac3838adb83bc002dfbd5d4fcefa0d0b4c54dd7cb8c523564efb617c7166
Size

200KB
Sample

250326-nbj3rsxl18
MD5

ba3fac4e249d40a19db58de619c3da31
SHA1

15c60339e114ef89b3411d2f2df0c1c074afb30b
SHA256

d828ac3838adb83bc002dfbd5d4fcefa0d0b4c54dd7cb8c523564efb617c7166
SHA512

75258c30e79b9258118f2eb15bdbff629352b4c32540908e38927fd61e8c3695737fc292c3f3132e9bc5c5a67018117c5b87711e6710c651455b47e61cda7edd
SSDEEP

3072:A6Ma80I2iaaSqwAkOCekzSZVO+ZS9ddYECNSMJwBCDoZGf:LLiaaSUCEZFECBw0d

Score

10^/10

njrat sini defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

sini

C2

taskeng.sytes.net:7338

Mutex

31769fbca2fc3901df2cf43ae19c898c

Attributes

reg_key
31769fbca2fc3901df2cf43ae19c898c
splitter
|'|'|

Targets

- Target
  
  d828ac3838adb83bc002dfbd5d4fcefa0d0b4c54dd7cb8c523564efb617c7166
- Size
  
  200KB
- MD5
  
  ba3fac4e249d40a19db58de619c3da31
- SHA1
  
  15c60339e114ef89b3411d2f2df0c1c074afb30b
- SHA256
  
  d828ac3838adb83bc002dfbd5d4fcefa0d0b4c54dd7cb8c523564efb617c7166
- SHA512
  
  75258c30e79b9258118f2eb15bdbff629352b4c32540908e38927fd61e8c3695737fc292c3f3132e9bc5c5a67018117c5b87711e6710c651455b47e61cda7edd
- SSDEEP
  
  3072:A6Ma80I2iaaSqwAkOCekzSZVO+ZS9ddYECNSMJwBCDoZGf:LLiaaSUCEZFECBw0d
Score

10^/10

njrat sini defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratsinidefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

defense_evasiondiscovery