njrat | e0efc0bcac7885ee20f46fcfc03bab69ffe22aef8e433ac26238773ee12ed347 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33e8450160a2b031204b78ead0a686b1_JaffaCakes118
Size

732KB
Sample

240511-lgrcxsdh22
MD5

33e8450160a2b031204b78ead0a686b1
SHA1

cca3b6eb223298d08f3f460d2140240d6d9fe2ee
SHA256

e0efc0bcac7885ee20f46fcfc03bab69ffe22aef8e433ac26238773ee12ed347
SHA512

4583895870e0fd75ea8ba4bb8599500c5730101d969ce1923e8279cd3a931a4b9d44cf1b678243e9cbce24c6502c7107442ed90204d891b669e05f919986e88d
SSDEEP

12288:Vc9YEusLiBNucUuO4S1afjD60d9N4dzn+9WQasEk7PPcRUGl76kdATS0181frlS:Vc9YEusLiHucUMS1afjD60d9N4tn+9WP

Score

10^/10

njrat image evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

image

C2

hostingerrrrrr.ddns.net:3333

Mutex

8544f46789c845732e4b256e024189da

Attributes

reg_key
8544f46789c845732e4b256e024189da
splitter
|'|'|

Targets

- Target
  
  33e8450160a2b031204b78ead0a686b1_JaffaCakes118
- Size
  
  732KB
- MD5
  
  33e8450160a2b031204b78ead0a686b1
- SHA1
  
  cca3b6eb223298d08f3f460d2140240d6d9fe2ee
- SHA256
  
  e0efc0bcac7885ee20f46fcfc03bab69ffe22aef8e433ac26238773ee12ed347
- SHA512
  
  4583895870e0fd75ea8ba4bb8599500c5730101d969ce1923e8279cd3a931a4b9d44cf1b678243e9cbce24c6502c7107442ed90204d891b669e05f919986e88d
- SSDEEP
  
  12288:Vc9YEusLiBNucUuO4S1afjD60d9N4dzn+9WQasEk7PPcRUGl76kdATS0181frlS:Vc9YEusLiHucUMS1afjD60d9N4tn+9WP
Score

10^/10

njrat image evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratimageevasionpersistencetrojan

behavioral2

njratimageevasionpersistencetrojan