njrat | c6af10736db72c425555f5e62b2b954fceb9d541aa8dd593bb0f1ca91c9a9b52 | Triage

Submit
Reports

Overview

overview

Static

static

5

fcfc0891e3...18.exe

windows7-x64

fcfc0891e3...18.exe

windows10-2004-x64

Sharing

General

Target

fcfc0891e383dd78bea0b738b2771643_JaffaCakes118
Size

1.6MB
Sample

240420-rzls2sbd3v
MD5

fcfc0891e383dd78bea0b738b2771643
SHA1

2d6e58beac2275d8f23d5cdcec08af3b82123376
SHA256

c6af10736db72c425555f5e62b2b954fceb9d541aa8dd593bb0f1ca91c9a9b52
SHA512

6c617c3c519580ca79841139ba85864d0a8339251cf8b75654effc71dbbc2ac42be76df8fe809ff8f52a65254495b6a69f157b7a5029192c53d034973e89dbcc
SSDEEP

49152:ch+ZkldoPKi2a9D5SOgTjjhKQVHoF/uY:N2cPKi15SThPVIF

Score

10^/10

njrat soft microsoft phishing trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe

Resource

win7-20240215-en

njrat soft trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe

Resource

win10v2004-20240412-en

njrat soft microsoft phishing trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

soft

C2

googlyoutuob.ddns.net:1177

Mutex

5e9d00b3a9bfb0f9311b1d29c32b918a

Attributes

reg_key
5e9d00b3a9bfb0f9311b1d29c32b918a
splitter
|'|'|

Targets

- Target
  
  fcfc0891e383dd78bea0b738b2771643_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  fcfc0891e383dd78bea0b738b2771643
- SHA1
  
  2d6e58beac2275d8f23d5cdcec08af3b82123376
- SHA256
  
  c6af10736db72c425555f5e62b2b954fceb9d541aa8dd593bb0f1ca91c9a9b52
- SHA512
  
  6c617c3c519580ca79841139ba85864d0a8339251cf8b75654effc71dbbc2ac42be76df8fe809ff8f52a65254495b6a69f157b7a5029192c53d034973e89dbcc
- SSDEEP
  
  49152:ch+ZkldoPKi2a9D5SOgTjjhKQVHoF/uY:N2cPKi15SThPVIF
Score

10^/10

njrat soft trojan microsoft phishing
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratsofttrojan

behavioral2

njratsoftmicrosoftphishingtrojan

© 2018-2024

Terms | Privacy