njrat | 84609f9e443225a23cca8ab6be910c207d220bb430fd543d0724eaae8f7df592 | Triage

Submit
Reports

Overview

overview

Static

static

3

fcae8c3823...18.exe

windows7-x64

fcae8c3823...18.exe

windows10-2004-x64

Sharing

General

Target

fcae8c3823eecebb9b8e0f9f2b9eeb89_JaffaCakes118
Size

801KB
Sample

240420-nqj2bagb9x
MD5

fcae8c3823eecebb9b8e0f9f2b9eeb89
SHA1

53c49e7458363a22180916f30e6d945081b20d83
SHA256

84609f9e443225a23cca8ab6be910c207d220bb430fd543d0724eaae8f7df592
SHA512

e92b5187e95a78c7a13f77e36aa9b0c2c144a6404ac6071902fa9e91304f9fb4a2e0c5c56b6accacde432d0626e1f8be00eeb4befa76936c8fbf5eb81c84b480
SSDEEP

24576:ANA3R5drXPrfHh2bQA53HU+tV9iKOcuiLbGD:55j2Z1z9b0

Score

10^/10

njrat gold link pdf trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fcae8c3823eecebb9b8e0f9f2b9eeb89_JaffaCakes118.exe

Resource

win7-20240221-en

njrat gold link pdf trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcae8c3823eecebb9b8e0f9f2b9eeb89_JaffaCakes118.exe

Resource

win10v2004-20240412-en

njrat gold link pdf trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

20

Botnet

gold

C2

149.248.52.61:87

Mutex

165d6ed988ac

Attributes

reg_key
165d6ed988ac
splitter
|'|'|

Targets

- Target
  
  fcae8c3823eecebb9b8e0f9f2b9eeb89_JaffaCakes118
- Size
  
  801KB
- MD5
  
  fcae8c3823eecebb9b8e0f9f2b9eeb89
- SHA1
  
  53c49e7458363a22180916f30e6d945081b20d83
- SHA256
  
  84609f9e443225a23cca8ab6be910c207d220bb430fd543d0724eaae8f7df592
- SHA512
  
  e92b5187e95a78c7a13f77e36aa9b0c2c144a6404ac6071902fa9e91304f9fb4a2e0c5c56b6accacde432d0626e1f8be00eeb4befa76936c8fbf5eb81c84b480
- SSDEEP
  
  24576:ANA3R5drXPrfHh2bQA53HU+tV9iKOcuiLbGD:55j2Z1z9b0
Score

10^/10

njrat gold link pdf trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratgoldlinkpdftrojan

behavioral2

njratgoldlinkpdftrojan

© 2018-2024

Terms | Privacy