njrat | cd556362c002e5f1d400b4fb59745be78b3e9a8b44fefdbc43a67d9b1b2a1fc0 | Triage

Sharing

General

Target

f9f9a6c33c754cc0acff547618fabad8_JaffaCakes118
Size

95KB
Sample

240419-k4nd4sdd83
MD5

f9f9a6c33c754cc0acff547618fabad8
SHA1

0c05700f3130361ea5a300b5581dd6daf75f79ca
SHA256

cd556362c002e5f1d400b4fb59745be78b3e9a8b44fefdbc43a67d9b1b2a1fc0
SHA512

7e7bd6988b8d46cc3654c9db0b3ce7a3ffca9048312c33bcce9f0f1eda50fa9b6694e16dfe181b86065effe992d170f063b3758961ac5b19acc361f9c250ba08
SSDEEP

1536:a6LFg5KZKXojSjcsA+HkHugEKp/FJWNLiEbriGJfhSDZ:tLFmCH+kHugEKp/FJWNLiEbriGNhSt

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

192.168.1.23:2222

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  f9f9a6c33c754cc0acff547618fabad8_JaffaCakes118
- Size
  
  95KB
- MD5
  
  f9f9a6c33c754cc0acff547618fabad8
- SHA1
  
  0c05700f3130361ea5a300b5581dd6daf75f79ca
- SHA256
  
  cd556362c002e5f1d400b4fb59745be78b3e9a8b44fefdbc43a67d9b1b2a1fc0
- SHA512
  
  7e7bd6988b8d46cc3654c9db0b3ce7a3ffca9048312c33bcce9f0f1eda50fa9b6694e16dfe181b86065effe992d170f063b3758961ac5b19acc361f9c250ba08
- SSDEEP
  
  1536:a6LFg5KZKXojSjcsA+HkHugEKp/FJWNLiEbriGJfhSDZ:tLFmCH+kHugEKp/FJWNLiEbriGNhSt
Score

10^/10

njrat hacked evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njrathackedevasiontrojan

behavioral2

njrathackedevasiontrojan