njrat | 9c806794593cfa49e0aabb944f53927de4e34b581e5d9bec8647e418d3b28307 | Triage

Sharing

General

Target

dd7dbdcfa4527f673778e060008e50dd_JaffaCakes118
Size

495KB
Sample

240913-c1k6kszdpc
MD5

dd7dbdcfa4527f673778e060008e50dd
SHA1

ac088b0517f68e3976e170c50099e3e8ba689a7d
SHA256

9c806794593cfa49e0aabb944f53927de4e34b581e5d9bec8647e418d3b28307
SHA512

9497a0921ee0a3e072731ac932c37efd57888e2818ac3c1e03d01615396f884acdf71c6e728a2333d1b7fe67feee14ca7369b521f196f105825154867fef3dce
SSDEEP

6144:ZjsDJiFaGYb6lfuNS7ppZFQGWmw/P0H1g0dYT2cPgOILG3rX0BdeoEfti:ZjeUrHfn7pTNWmE70LcBIkIdeR1i

Score

10^/10

njrat discovery execution persistence trojan

Malware Config

Extracted

Family

njrat

C2

190.213.72.103:5005

Mutex

8598e9fde4

Attributes

reg_key
8598e9fde4
splitter
@!#&^%$

Targets

- Target
  
  dd7dbdcfa4527f673778e060008e50dd_JaffaCakes118
- Size
  
  495KB
- MD5
  
  dd7dbdcfa4527f673778e060008e50dd
- SHA1
  
  ac088b0517f68e3976e170c50099e3e8ba689a7d
- SHA256
  
  9c806794593cfa49e0aabb944f53927de4e34b581e5d9bec8647e418d3b28307
- SHA512
  
  9497a0921ee0a3e072731ac932c37efd57888e2818ac3c1e03d01615396f884acdf71c6e728a2333d1b7fe67feee14ca7369b521f196f105825154867fef3dce
- SSDEEP
  
  6144:ZjsDJiFaGYb6lfuNS7ppZFQGWmw/P0H1g0dYT2cPgOILG3rX0BdeoEfti:ZjeUrHfn7pTNWmE70LcBIkIdeR1i
Score

10^/10

njrat discovery execution persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryexecutionpersistencetrojan

behavioral2

njratdiscoveryexecutionpersistencetrojan