njrat | d58f219e40a169eb0bd5338740f1852d690630466b77cd343772f4da12271fd9 | Triage

Sharing

General

Target

bd4b1ccafd3ffcca49961c010d8abed5_JaffaCakes118
Size

47KB
Sample

240619-t4bjzsybkr
MD5

bd4b1ccafd3ffcca49961c010d8abed5
SHA1

e49c6d2c4e77e782f8f6afcfa1a34fedb6b67586
SHA256

d58f219e40a169eb0bd5338740f1852d690630466b77cd343772f4da12271fd9
SHA512

842d9bccac08d44bca271230a655f351e15425bb64bc925d8ddc8bf418b2586258cef50c1d54c1de1930b4d435821b752134ecb6ebb9a999b8acdec238f27b4f
SSDEEP

768:LWu7Rgdz+OQFQvUGB6T8PEKi6JNf79sdgVR9aPzdADDrDyhss92vxboECSB0RDYp:JAqTA9naPz2vxboECSBMzK2uae

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

65a67df4f491be9b9a2a9164c0652865

Attributes

reg_key
65a67df4f491be9b9a2a9164c0652865
splitter
|'|'|

Targets

- Target
  
  bd4b1ccafd3ffcca49961c010d8abed5_JaffaCakes118
- Size
  
  47KB
- MD5
  
  bd4b1ccafd3ffcca49961c010d8abed5
- SHA1
  
  e49c6d2c4e77e782f8f6afcfa1a34fedb6b67586
- SHA256
  
  d58f219e40a169eb0bd5338740f1852d690630466b77cd343772f4da12271fd9
- SHA512
  
  842d9bccac08d44bca271230a655f351e15425bb64bc925d8ddc8bf418b2586258cef50c1d54c1de1930b4d435821b752134ecb6ebb9a999b8acdec238f27b4f
- SSDEEP
  
  768:LWu7Rgdz+OQFQvUGB6T8PEKi6JNf79sdgVR9aPzdADDrDyhss92vxboECSB0RDYp:JAqTA9naPz2vxboECSBMzK2uae
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan