njrat | 28fd2796e53d8b279f253ae668fc886719936daa5db19effd9e8a88d1c7f0082 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

229cfc5911ff2617a33e07721876c296_JaffaCakes118
Size

25KB
Sample

240508-byardsea85
MD5

229cfc5911ff2617a33e07721876c296
SHA1

15067132ea932e66248f3c2b9f3f5272752fa0df
SHA256

28fd2796e53d8b279f253ae668fc886719936daa5db19effd9e8a88d1c7f0082
SHA512

0dbae476b4d9aa8143ce76e7673ae3e294f57145e6a9f0699b7c7eec821640a29fd7f006f5eef0a30249ca3c5b9afc62207fb68e21cbaa050a475a97aad676c7
SSDEEP

384:sv3ZII+A/00CMJWFH3XGA7QCjC7Bgj46iB2BVcp0T9h2HbmdPvo8I6CQ1+H+wpz2:svp+n09+Xq91MiBNpogwvj1CS+HfpTur

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  229cfc5911ff2617a33e07721876c296_JaffaCakes118
- Size
  
  25KB
- MD5
  
  229cfc5911ff2617a33e07721876c296
- SHA1
  
  15067132ea932e66248f3c2b9f3f5272752fa0df
- SHA256
  
  28fd2796e53d8b279f253ae668fc886719936daa5db19effd9e8a88d1c7f0082
- SHA512
  
  0dbae476b4d9aa8143ce76e7673ae3e294f57145e6a9f0699b7c7eec821640a29fd7f006f5eef0a30249ca3c5b9afc62207fb68e21cbaa050a475a97aad676c7
- SSDEEP
  
  384:sv3ZII+A/00CMJWFH3XGA7QCjC7Bgj46iB2BVcp0T9h2HbmdPvo8I6CQ1+H+wpz2:svp+n09+Xq91MiBNpogwvj1CS+HfpTur
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan