njrat | aa964bd196342fb080c53443b85cdcea6e117ada3eebe95043f23e264137d154 | Triage

Sharing

General

Target

vodd.exe
Size

93KB
Sample

250401-fpjp6awmz5
MD5

c13fd2efd94960fae11cd9f78ee9f090
SHA1

3855d7f6f42048ab3895e213e5d1847df7c9641e
SHA256

aa964bd196342fb080c53443b85cdcea6e117ada3eebe95043f23e264137d154
SHA512

541c367480d91ec10ac7eeb7a6c7aabe1f74c2b408b6c27362590b87eed0956e0396285c8c5c61a843a04a015c2cbcb642c8987669792ad865c120606d65a380
SSDEEP

1536:LU/r7EkrjaFIs7E5Ox8Jn8LjEwzGi1dD1DygS:LU7jau5OKVni1dpX

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

26.215.185.49:5552

Mutex

57bba9c26679cdd8eee0bb90aa915a71

Attributes

reg_key
57bba9c26679cdd8eee0bb90aa915a71
splitter
|'|'|

Targets

- Target
  
  vodd.exe
- Size
  
  93KB
- MD5
  
  c13fd2efd94960fae11cd9f78ee9f090
- SHA1
  
  3855d7f6f42048ab3895e213e5d1847df7c9641e
- SHA256
  
  aa964bd196342fb080c53443b85cdcea6e117ada3eebe95043f23e264137d154
- SHA512
  
  541c367480d91ec10ac7eeb7a6c7aabe1f74c2b408b6c27362590b87eed0956e0396285c8c5c61a843a04a015c2cbcb642c8987669792ad865c120606d65a380
- SSDEEP
  
  1536:LU/r7EkrjaFIs7E5Ox8Jn8LjEwzGi1dD1DygS:LU7jau5OKVni1dpX
Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Drops startup file
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation

behavioral3

defense_evasiondiscoverypersistenceprivilege_escalation

behavioral4

defense_evasiondiscoverypersistenceprivilege_escalation