njrat | 8fc35f16c6869daa3403ecf0a59f3eb1f6d03f47d12bb6655c360d13542e3e81 | Triage

Sharing

General

Target

71465e11a009dfd6d80db0d63fa2fd1b_JaffaCakes118
Size

31KB
Sample

240525-jfksmsaf7s
MD5

71465e11a009dfd6d80db0d63fa2fd1b
SHA1

5923541e75e7669d8fdf0f2a7a74454793481330
SHA256

8fc35f16c6869daa3403ecf0a59f3eb1f6d03f47d12bb6655c360d13542e3e81
SHA512

f364302e73805a4f4784a5632c0a49e4d79f0a30f80c5ea58503cdd1edf3d75d41fb42ba4a023a2472511f6265fb1e3e75c92605eed528ef94e0f327606b4fe5
SSDEEP

768:3tijFXuTthUzxf6rFwA3Fh9vaDQmIDUu0tiw1j:oF+KKPsQVkBj

Score

10^/10

njrat 12d trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

12d

C2

senior12.ddns.net:6522

Mutex

b71af024f3fe5ce59b7d8571cfef3323

Attributes

reg_key
b71af024f3fe5ce59b7d8571cfef3323
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  71465e11a009dfd6d80db0d63fa2fd1b_JaffaCakes118
- Size
  
  31KB
- MD5
  
  71465e11a009dfd6d80db0d63fa2fd1b
- SHA1
  
  5923541e75e7669d8fdf0f2a7a74454793481330
- SHA256
  
  8fc35f16c6869daa3403ecf0a59f3eb1f6d03f47d12bb6655c360d13542e3e81
- SHA512
  
  f364302e73805a4f4784a5632c0a49e4d79f0a30f80c5ea58503cdd1edf3d75d41fb42ba4a023a2472511f6265fb1e3e75c92605eed528ef94e0f327606b4fe5
- SSDEEP
  
  768:3tijFXuTthUzxf6rFwA3Fh9vaDQmIDUu0tiw1j:oF+KKPsQVkBj
Score

10^/10

njrat 12d trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2