njrat | 6da82021d8a6ed2932aab06a6826a8d732c569b35e8b27b2256c9e936e70a0a4 | Triage

Sharing

General

Target

75f337fd11a946298871629af9c6c8a4_JaffaCakes118
Size

304KB
Sample

240526-s18vmscb82
MD5

75f337fd11a946298871629af9c6c8a4
SHA1

a8e20bfa63f8d13ff19c66cfffd323438ff63819
SHA256

6da82021d8a6ed2932aab06a6826a8d732c569b35e8b27b2256c9e936e70a0a4
SHA512

0a86cc9cdfce3d43156990cf65fab21e0e7e7dc5041c19579f67552ca23c098a46440258c3c4139e238eecc5c43c5bba06e0312dacf93f5a1c4dbe5d658802c2
SSDEEP

3072:jKUHXBtkvDVl802DG9G32GhNvLhvvqUQO/dQVBKg3v7B20z:mUHxeVzH22GhNjhvvq3OmbDv700

Score

10^/10

njrat أســـــــــــــــــوان evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

أســـــــــــــــــوان

C2

milla.publicvm.com:5552

Mutex

d0f6cd4c4dd690385e33d2c89d88aadb

Attributes

reg_key
d0f6cd4c4dd690385e33d2c89d88aadb
splitter
|'|'|

Targets

- Target
  
  75f337fd11a946298871629af9c6c8a4_JaffaCakes118
- Size
  
  304KB
- MD5
  
  75f337fd11a946298871629af9c6c8a4
- SHA1
  
  a8e20bfa63f8d13ff19c66cfffd323438ff63819
- SHA256
  
  6da82021d8a6ed2932aab06a6826a8d732c569b35e8b27b2256c9e936e70a0a4
- SHA512
  
  0a86cc9cdfce3d43156990cf65fab21e0e7e7dc5041c19579f67552ca23c098a46440258c3c4139e238eecc5c43c5bba06e0312dacf93f5a1c4dbe5d658802c2
- SSDEEP
  
  3072:jKUHXBtkvDVl802DG9G32GhNvLhvvqUQO/dQVBKg3v7B20z:mUHxeVzH22GhNjhvvq3OmbDv700
Score

10^/10

njrat أســـــــــــــــــوان evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratأســـــــــــــــــوانevasionpersistencetrojan

behavioral2

njratأســـــــــــــــــوانevasionpersistencetrojan