njrat | 9bac3c48258cdeeca5a5c67b241ebe2a498133da6eee1b7e3fa55f3bbb758bd9 | Triage

Sharing

General

Target

ee9a3f216d02117e0e5a13bac187a6d7_JaffaCakes118
Size

105KB
Sample

240920-22be7stajg
MD5

ee9a3f216d02117e0e5a13bac187a6d7
SHA1

5aef391069c557df0e985e7e7ce3e3834d1a69dc
SHA256

9bac3c48258cdeeca5a5c67b241ebe2a498133da6eee1b7e3fa55f3bbb758bd9
SHA512

6fd5a7596bd2f2a1823b005db5d7ffa4d1cc8c833ed7b219fd733764f63ba72c997fc8523b4e2cefea54a0939f116211707c872ad6c83b053e93dbefe2404227
SSDEEP

1536:njcKXqDDW8SJhGCiPALSGHm9+nWTqADchnOtt/2GmLhnD9d/XRiA+Vc4OT2lQ:jcwH+P/8Et4qN9mrd/Xn+Vc4OT2lQ

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.5.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Targets

- Target
  
  ee9a3f216d02117e0e5a13bac187a6d7_JaffaCakes118
- Size
  
  105KB
- MD5
  
  ee9a3f216d02117e0e5a13bac187a6d7
- SHA1
  
  5aef391069c557df0e985e7e7ce3e3834d1a69dc
- SHA256
  
  9bac3c48258cdeeca5a5c67b241ebe2a498133da6eee1b7e3fa55f3bbb758bd9
- SHA512
  
  6fd5a7596bd2f2a1823b005db5d7ffa4d1cc8c833ed7b219fd733764f63ba72c997fc8523b4e2cefea54a0939f116211707c872ad6c83b053e93dbefe2404227
- SSDEEP
  
  1536:njcKXqDDW8SJhGCiPALSGHm9+nWTqADchnOtt/2GmLhnD9d/XRiA+Vc4OT2lQ:jcwH+P/8Et4qN9mrd/Xn+Vc4OT2lQ
Score

10^/10

njrat hacked discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked discoverytrojan

behavioral2

njrathacked trojan