njrat | 9c74d61777e1879c65f986ee4bbbd29eb05078290300a0fea3a20bca49c43c09 | Triage

Sharing

General

Target

db1d86d4d1d61cfe9d44b92fda10ac97_JaffaCakes118
Size

49KB
Sample

240911-yndrmazcmq
MD5

db1d86d4d1d61cfe9d44b92fda10ac97
SHA1

543da7ba6a0394fef96fbe124b2a9596a91553f2
SHA256

9c74d61777e1879c65f986ee4bbbd29eb05078290300a0fea3a20bca49c43c09
SHA512

fe602919814d6c95d36b2130d771d487aea8826764d7145b48293ef5bb043117b969370d0f193f0a7439d92a08fa452ab3f2e1f91cfadaf850bff4d58a40c733
SSDEEP

768:Cdxrvk6ADSpCTkmTEz9KKwhohvgiu9lqdu5z1KKnRseA:yrvfAv/To9KKMuoMMz1KKn+eA

Score

10^/10

njrat iienflat #2 execution trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

iiEnFLaT #2

C2

joker3.publicvm.com:1177

Mutex

b7130210594bc1edceca40f86750d74e

Attributes

reg_key
b7130210594bc1edceca40f86750d74e
splitter
|'|'|

Targets

- Target
  
  db1d86d4d1d61cfe9d44b92fda10ac97_JaffaCakes118
- Size
  
  49KB
- MD5
  
  db1d86d4d1d61cfe9d44b92fda10ac97
- SHA1
  
  543da7ba6a0394fef96fbe124b2a9596a91553f2
- SHA256
  
  9c74d61777e1879c65f986ee4bbbd29eb05078290300a0fea3a20bca49c43c09
- SHA512
  
  fe602919814d6c95d36b2130d771d487aea8826764d7145b48293ef5bb043117b969370d0f193f0a7439d92a08fa452ab3f2e1f91cfadaf850bff4d58a40c733
- SSDEEP
  
  768:Cdxrvk6ADSpCTkmTEz9KKwhohvgiu9lqdu5z1KKnRseA:yrvfAv/To9KKMuoMMz1KKn+eA
Score

10^/10

njrat iienflat #2 execution trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratiienflat #2executiontrojan

behavioral2

njratiienflat #2executiontrojan