njrat | d452f668052e9768cbd68bb14b51569090883ba33b19da0c15048012e811420a | Triage

Sharing

General

Target

c6427b3a655a718fdeb0aa5b86a0c4cb_JaffaCakes118
Size

17KB
Sample

240828-fraj9sxhjn
MD5

c6427b3a655a718fdeb0aa5b86a0c4cb
SHA1

e38c9c0da1cf4fd658a0c77c81fd82fdfeb19b74
SHA256

d452f668052e9768cbd68bb14b51569090883ba33b19da0c15048012e811420a
SHA512

08ddd89013ff23c684a4b060eb4bce83f0b8aedcf31f3beeca9df73672d34bb66e577a541a59fe38bc72a61cd439e7a7bd8671b88e48813972459a84713277dc
SSDEEP

384:HTYe/8Bp9d1FjBksPnpPfWwbKItZK3sGYnt3PtGG:Hz/+rFVksBtK0tJwG

Score

10^/10

njrat dllhost discovery trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

dllhost

C2

pupkinvasya.ddns.net:7777

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  kaban.exe
- Size
  
  43KB
- MD5
  
  cf1be61ec41bd78ec5e3df069df3f738
- SHA1
  
  b0848fd421ab5d00a179d3edc61c9deb3ef4879f
- SHA256
  
  c9c46d2376eeccbdd123434f7e3a85520769ef0520ae66537b84bcf12b7b3c2d
- SHA512
  
  3495b240208c3e1d8c751d64c66b3bfe2e61e42889751fff65f35fcad0377d2b4530834eb030131ea3383233b88705ebf05b229b5c858d6c22fcd74f6f530d64
- SSDEEP
  
  384:+ZyTH1mmkuHQUyzprtRdUIgE49XNP9f4zAIij+ZsNO3PlpJKkkjh/TzF7pWnGZgy:E+Hkgwhzf3lo9R9OuXQ/o3x+L
Score

10^/10

njrat dllhost discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdllhostdiscoverytrojan

behavioral2

njratdllhostdiscoverytrojan