njrat | 14f98b1f074334b775c4ce3c32f9561762d76714a6dc6723797181d6c94fa539 | Triage

Sharing

General

Target

67beb7fff7a6f1b597a100b669c8b123_JaffaCakes118
Size

327KB
Sample

240522-szjt5afh9z
MD5

67beb7fff7a6f1b597a100b669c8b123
SHA1

c93c5b72e69fac24301839e07276923610236dd0
SHA256

14f98b1f074334b775c4ce3c32f9561762d76714a6dc6723797181d6c94fa539
SHA512

aa2a3e923d58845d60c5afbd496253bf9fdc9929793a80200eaaad4d9b1f206274711d7ce54e5c4a6047748da71e14d78400dc0a85b34f6aed0b077642bb22aa
SSDEEP

768:GKOmMNOunYSL0zALREn6fM1kF8amfIT3r5Wn/wZLkne43tgem4Kgo:vOmAZLRixaZTdM/+gneGa66

Score

10^/10

njrat evasion trojan

Malware Config

Targets

- Target
  
  67beb7fff7a6f1b597a100b669c8b123_JaffaCakes118
- Size
  
  327KB
- MD5
  
  67beb7fff7a6f1b597a100b669c8b123
- SHA1
  
  c93c5b72e69fac24301839e07276923610236dd0
- SHA256
  
  14f98b1f074334b775c4ce3c32f9561762d76714a6dc6723797181d6c94fa539
- SHA512
  
  aa2a3e923d58845d60c5afbd496253bf9fdc9929793a80200eaaad4d9b1f206274711d7ce54e5c4a6047748da71e14d78400dc0a85b34f6aed0b077642bb22aa
- SSDEEP
  
  768:GKOmMNOunYSL0zALREn6fM1kF8amfIT3r5Wn/wZLkne43tgem4Kgo:vOmAZLRixaZTdM/+gneGa66
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan