njrat | 2b44f01444d7c0706d79cfb088fff45b0f3d3a8ab8096060c8f0362460785dec | Triage

Sharing

General

Target

fb331efdbb0520c7ce42b6271d73e192_JaffaCakes118
Size

53KB
Sample

240419-1bjhfsgg7s
MD5

fb331efdbb0520c7ce42b6271d73e192
SHA1

fa5dd81949e0d180ec30828ae349e20da51609dd
SHA256

2b44f01444d7c0706d79cfb088fff45b0f3d3a8ab8096060c8f0362460785dec
SHA512

2f937c9c636229bc835d7772b013b0f558c0212fcc2f2716ed23e69136ef2cbdba04f1cdf99b5fba903f19659de35a902196647e996524d1450c86e41e1d1def
SSDEEP

768:r/UUwTBzQJyJXynPO3l5/I+GJS2IrW2whW0qSLg4eZNTDSZ2ieBc:r8UUB8JMoPO3v/I+kS2fM0Hk4eJil

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  fb331efdbb0520c7ce42b6271d73e192_JaffaCakes118
- Size
  
  53KB
- MD5
  
  fb331efdbb0520c7ce42b6271d73e192
- SHA1
  
  fa5dd81949e0d180ec30828ae349e20da51609dd
- SHA256
  
  2b44f01444d7c0706d79cfb088fff45b0f3d3a8ab8096060c8f0362460785dec
- SHA512
  
  2f937c9c636229bc835d7772b013b0f558c0212fcc2f2716ed23e69136ef2cbdba04f1cdf99b5fba903f19659de35a902196647e996524d1450c86e41e1d1def
- SSDEEP
  
  768:r/UUwTBzQJyJXynPO3l5/I+GJS2IrW2whW0qSLg4eZNTDSZ2ieBc:r8UUB8JMoPO3v/I+kS2fM0Hk4eJil
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan