njrat | 5a32a48b5cd93e6169030612fbfa04aac619c9498d9486760817943edd33e4a6 | Triage

Sharing

General

Target

ffa162fbcf53c5d0a3ca8243bd7bf2d8_JaffaCakes118
Size

579KB
Sample

240421-s9166aee46
MD5

ffa162fbcf53c5d0a3ca8243bd7bf2d8
SHA1

8c4c105df691f616f88bcc862f921c7c72b8ca35
SHA256

5a32a48b5cd93e6169030612fbfa04aac619c9498d9486760817943edd33e4a6
SHA512

ab9a50c8e205520674313dcf45b49d0a7a2b2d27217465274e224be23f93bbe3b7abf49d4c758156888ffbb04fee5597849da9b3ad554573c3d641c4cc36db8f
SSDEEP

12288:yCwmfl2Tq7G02RpKgDJ4TgXSbZ2A2KaBkjKP7y11KySMtfZqc8KJvuc5W:nT7YxbZBcZW

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  ffa162fbcf53c5d0a3ca8243bd7bf2d8_JaffaCakes118
- Size
  
  579KB
- MD5
  
  ffa162fbcf53c5d0a3ca8243bd7bf2d8
- SHA1
  
  8c4c105df691f616f88bcc862f921c7c72b8ca35
- SHA256
  
  5a32a48b5cd93e6169030612fbfa04aac619c9498d9486760817943edd33e4a6
- SHA512
  
  ab9a50c8e205520674313dcf45b49d0a7a2b2d27217465274e224be23f93bbe3b7abf49d4c758156888ffbb04fee5597849da9b3ad554573c3d641c4cc36db8f
- SSDEEP
  
  12288:yCwmfl2Tq7G02RpKgDJ4TgXSbZ2A2KaBkjKP7y11KySMtfZqc8KJvuc5W:nT7YxbZBcZW
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan