njrat | 2a0941071e1b3ae8692ce97ffdc0734bfb4b10c047a0e58d35b0da807873abba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6db2d7a1c4c4c37905289a61210430e_JaffaCakes118
Size

419KB
Sample

240613-1923fsserg
MD5

a6db2d7a1c4c4c37905289a61210430e
SHA1

9549806a8f9499e56cde7c00cbf1dce8254ebae9
SHA256

2a0941071e1b3ae8692ce97ffdc0734bfb4b10c047a0e58d35b0da807873abba
SHA512

353c0295411e6b2344b7b78651f4d6854b5db8d9e1b80913f9887ce636380ba04c1e70fe9507fcd13fc8cdedf89a3fdac7d65847e09cd0a0f06abf12b88a0387
SSDEEP

6144:810ZBv/WxSwNoBLL/nAKCqHnTtEQuFTXpK+pLT+MdH:1DWxSwNyLdCCnkFKwf

Score

10^/10

njrat تم الاختراق من قبل دكتور الغربية #evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

تم الاختراق من قبل دكتور الغربية #

C2

Dr187.ddns.net:999

Mutex

59e66e4fd01ed7a53bb65713760bdb7d

Attributes

reg_key
59e66e4fd01ed7a53bb65713760bdb7d
splitter
|'|'|

Targets

- Target
  
  a6db2d7a1c4c4c37905289a61210430e_JaffaCakes118
- Size
  
  419KB
- MD5
  
  a6db2d7a1c4c4c37905289a61210430e
- SHA1
  
  9549806a8f9499e56cde7c00cbf1dce8254ebae9
- SHA256
  
  2a0941071e1b3ae8692ce97ffdc0734bfb4b10c047a0e58d35b0da807873abba
- SHA512
  
  353c0295411e6b2344b7b78651f4d6854b5db8d9e1b80913f9887ce636380ba04c1e70fe9507fcd13fc8cdedf89a3fdac7d65847e09cd0a0f06abf12b88a0387
- SSDEEP
  
  6144:810ZBv/WxSwNoBLL/nAKCqHnTtEQuFTXpK+pLT+MdH:1DWxSwNyLdCCnkFKwf
Score

10^/10

njrat تم الاختراق من قبل دكتور الغربية #evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratتم الاختراق من قبل دكتور الغربية #evasionpersistencetrojan

behavioral2

njratتم الاختراق من قبل دكتور الغربية #evasionpersistencetrojan