njrat | 95ce20738417b106d618edd9e142138b7214516604b3d9bf4d653b29c25dfa61 | Triage

Sharing

General

Target

6ee1151a07766fb6930fa6c4bc674b8a_JaffaCakes118
Size

340KB
Sample

240524-r6yq7ahf8x
MD5

6ee1151a07766fb6930fa6c4bc674b8a
SHA1

0f1ca74bc9a40136998647c59e3b9ca1666cea52
SHA256

95ce20738417b106d618edd9e142138b7214516604b3d9bf4d653b29c25dfa61
SHA512

ebd111009f0cd03dd0ca00309747b6e2d341319eb16a2fd487ae1ad9cdfac76c1a8406b4d3c38ecae19a5dab2c2cf9dc0ed27a8dfd3c98cafb30f0592e5b540f
SSDEEP

6144:5/fAhvV6B8ErzPZp5wdz753RSkOKbEJCI94IvUHWT:1fAv6B8azBwdFOyEsI+IsHW

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

195.123.220.225:3223

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  6ee1151a07766fb6930fa6c4bc674b8a_JaffaCakes118
- Size
  
  340KB
- MD5
  
  6ee1151a07766fb6930fa6c4bc674b8a
- SHA1
  
  0f1ca74bc9a40136998647c59e3b9ca1666cea52
- SHA256
  
  95ce20738417b106d618edd9e142138b7214516604b3d9bf4d653b29c25dfa61
- SHA512
  
  ebd111009f0cd03dd0ca00309747b6e2d341319eb16a2fd487ae1ad9cdfac76c1a8406b4d3c38ecae19a5dab2c2cf9dc0ed27a8dfd3c98cafb30f0592e5b540f
- SSDEEP
  
  6144:5/fAhvV6B8ErzPZp5wdz753RSkOKbEJCI94IvUHWT:1fAv6B8azBwdFOyEsI+IsHW
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan