njrat | 3e55ae393b491a130a5e30e384a1169a4e14d99aa9331843454bbfde0ffa470f | Triage

Sharing

General

Target

b1b4b125e4ad60e6302928016a7a78fb_JaffaCakes118
Size

23KB
Sample

240616-ez24tazarg
MD5

b1b4b125e4ad60e6302928016a7a78fb
SHA1

4a3a7e9eb12ec0dae41f588f2e3672010b76c5dc
SHA256

3e55ae393b491a130a5e30e384a1169a4e14d99aa9331843454bbfde0ffa470f
SHA512

3597931d1936074af803250c969ddb6127429cf49652f494bac430302a0c9b440aacf89b54d6fd45ecb0707561a5721d78b5c76ac17c5012de750c222dcdb626
SSDEEP

384:RYaZYC9tSBn6t3emiO060gDVQ6HghQSFJ7tmRvR6JZlbw8hqIusZzZnw:tY+q/mlHPRpcnuT

Score

10^/10

njrat 0 trojan

Malware Config

Extracted

Family

njrat

Version

Hallaj PRO Rat [Fixed]

Botnet

0

C2

mscompany.dynu.com:50001

Mutex

be63db5aab751ce38c3932816d79a30d

Attributes

reg_key
be63db5aab751ce38c3932816d79a30d
splitter
boolLove

Targets

- Target
  
  b1b4b125e4ad60e6302928016a7a78fb_JaffaCakes118
- Size
  
  23KB
- MD5
  
  b1b4b125e4ad60e6302928016a7a78fb
- SHA1
  
  4a3a7e9eb12ec0dae41f588f2e3672010b76c5dc
- SHA256
  
  3e55ae393b491a130a5e30e384a1169a4e14d99aa9331843454bbfde0ffa470f
- SHA512
  
  3597931d1936074af803250c969ddb6127429cf49652f494bac430302a0c9b440aacf89b54d6fd45ecb0707561a5721d78b5c76ac17c5012de750c222dcdb626
- SSDEEP
  
  384:RYaZYC9tSBn6t3emiO060gDVQ6HghQSFJ7tmRvR6JZlbw8hqIusZzZnw:tY+q/mlHPRpcnuT
Score

10^/10

njrat 0 trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2