njrat | b019f264edfde3939e799eee24361725d6b70d8701d58c8a782e316575dcce18 | Triage

Sharing

General

Target

60b9f5772f52920b02507511dc5ff5cd_JaffaCakes118
Size

23KB
Sample

240520-xv2atsdh4x
MD5

60b9f5772f52920b02507511dc5ff5cd
SHA1

6eda493c46a883761cc4d69516fb84ff9975a3df
SHA256

b019f264edfde3939e799eee24361725d6b70d8701d58c8a782e316575dcce18
SHA512

c17a3397c918ad7b5c2bf8d794c0885af0511378e770b9f16a0c067de86426c83a237527e425e58c76bd93dc8ee001ede8561fc2f61fdc5fa314f22fddf401dc
SSDEEP

384:xTWSEFDn65Egj6RGiYCINTY6xgXakh2oZDJmRvR6JZlbw8hqIusZzZGI:Nm7OM9YX0MRpcnuo

Score

10^/10

njrat vicitm of alanrkyah - hrob evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Vicitm Of Alanrkyah - Hrob

C2

127.0.0.1:1177

Mutex

5960382bc6c885bc624da9f2db2ec726

Attributes

reg_key
5960382bc6c885bc624da9f2db2ec726
splitter
|'|'|

Targets

- Target
  
  60b9f5772f52920b02507511dc5ff5cd_JaffaCakes118
- Size
  
  23KB
- MD5
  
  60b9f5772f52920b02507511dc5ff5cd
- SHA1
  
  6eda493c46a883761cc4d69516fb84ff9975a3df
- SHA256
  
  b019f264edfde3939e799eee24361725d6b70d8701d58c8a782e316575dcce18
- SHA512
  
  c17a3397c918ad7b5c2bf8d794c0885af0511378e770b9f16a0c067de86426c83a237527e425e58c76bd93dc8ee001ede8561fc2f61fdc5fa314f22fddf401dc
- SSDEEP
  
  384:xTWSEFDn65Egj6RGiYCINTY6xgXakh2oZDJmRvR6JZlbw8hqIusZzZGI:Nm7OM9YX0MRpcnuo
Score

10^/10

njrat vicitm of alanrkyah - hrob evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vicitm of alanrkyah - hrobnjrat

behavioral1

njratvicitm of alanrkyah - hrobevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan