njrat | a9dfed16b30cfef2106e4d1626e4cb7cffdacbdcbf2fc13865be64a918e0f255 | Triage

Sharing

General

Target

d2208a80c24abd0ccfcaf45dd9d332ab_JaffaCakes118
Size

1.1MB
Sample

240907-rk6jxazepc
MD5

d2208a80c24abd0ccfcaf45dd9d332ab
SHA1

ae076b92ee7853ae263ccb4f73c39e6441066b3b
SHA256

a9dfed16b30cfef2106e4d1626e4cb7cffdacbdcbf2fc13865be64a918e0f255
SHA512

1f8fc8b99c3138db816b90e4335ff5a31cd4226795e6bcc1a3a8c0d1934d5893d8f26dfd4ddfd5354ab2d2bc2b35f06d715b5b71eb67b62de4a696d4c112f0a9
SSDEEP

24576:64lavt0LkLL9IMixoEgeakVR0x3+Dey45nxGq9MmCS:Nkwkn9IMHeakHYuf+EaPCS

Score

10^/10

njrat hacked discovery evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.31.130:5552

Mutex

0a2e5cfbc3a5b8d96d011c7841e3236a

Attributes

reg_key
0a2e5cfbc3a5b8d96d011c7841e3236a
splitter
|'|'|

Targets

- Target
  
  d2208a80c24abd0ccfcaf45dd9d332ab_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  d2208a80c24abd0ccfcaf45dd9d332ab
- SHA1
  
  ae076b92ee7853ae263ccb4f73c39e6441066b3b
- SHA256
  
  a9dfed16b30cfef2106e4d1626e4cb7cffdacbdcbf2fc13865be64a918e0f255
- SHA512
  
  1f8fc8b99c3138db816b90e4335ff5a31cd4226795e6bcc1a3a8c0d1934d5893d8f26dfd4ddfd5354ab2d2bc2b35f06d715b5b71eb67b62de4a696d4c112f0a9
- SSDEEP
  
  24576:64lavt0LkLL9IMixoEgeakVR0x3+Dey45nxGq9MmCS:Nkwkn9IMHeakHYuf+EaPCS
Score

10^/10

njrat hacked discovery evasion trojan
- UAC bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoveryevasiontrojan

behavioral2

njrathackeddiscoveryevasiontrojan