njrat | 39a33f73741118aa05511c1524ad3da573d7fe94a929cc0660c7719a13d335b0 | Triage

Sharing

General

Target

efc0cbb158d388b5d778f876b7bf63ef_JaffaCakes118
Size

27.6MB
Sample

240921-n8tcps1dmb
MD5

efc0cbb158d388b5d778f876b7bf63ef
SHA1

a4a0f15afeb62a68917dfc4f0d974b0d69ccdaaa
SHA256

39a33f73741118aa05511c1524ad3da573d7fe94a929cc0660c7719a13d335b0
SHA512

14db18dc1ba4a22369090726cbb932c642b7711135aa0279f038b94a09e53041b09482e5a098dfa450813ebb1df0c75fe3615452118398010e5d3a0a1873f432
SSDEEP

786432:CvYUcHwRXkRVTSAfvQftVmv9lMPKosqJ4:LPQRXAVfyr+lhHl

Score

10^/10

njrat agilenet discovery trojan

Malware Config

Targets

- Target
  
  efc0cbb158d388b5d778f876b7bf63ef_JaffaCakes118
- Size
  
  27.6MB
- MD5
  
  efc0cbb158d388b5d778f876b7bf63ef
- SHA1
  
  a4a0f15afeb62a68917dfc4f0d974b0d69ccdaaa
- SHA256
  
  39a33f73741118aa05511c1524ad3da573d7fe94a929cc0660c7719a13d335b0
- SHA512
  
  14db18dc1ba4a22369090726cbb932c642b7711135aa0279f038b94a09e53041b09482e5a098dfa450813ebb1df0c75fe3615452118398010e5d3a0a1873f432
- SSDEEP
  
  786432:CvYUcHwRXkRVTSAfvQftVmv9lMPKosqJ4:LPQRXAVfyr+lhHl
Score

10^/10

njrat agilenet discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2
- Target
  
  MetroFramework.dll
- Size
  
  133KB
- MD5
  
  a3a380676711eac89f67e0043c21b5d6
- SHA1
  
  587c765dc3ca8d3ea2fa55b9f227cef284287522
- SHA256
  
  c23cdacb0de78c5c6e8a1dde085cca1bf8261d3b90dac39379a4ac4518d212d1
- SHA512
  
  98a8a6741fce19d7817e412d0d2fbe772d8fbda527a3f3a56ddce8dec0bcd23c6e0755402ad816af089f50fdd7b33bd8d834f3af6beb85dbff53830b5c130697
- SSDEEP
  
  1536:evymZ39Uy6/ZDJALk8TWPdQNqUkkNZ8TS3SAqAxi0P77jRnZcHe+YNb:wJ/D6/lJAL4kqUZNMS371xi0DRFtb
Score

1^/10
behavioral3 behavioral4
- Target
  
  PS3Lib.dll
- Size
  
  475KB
- MD5
  
  e2591c9be92cd8f098027885306833aa
- SHA1
  
  99f4bef5ab9d4034cfa5e4d3f2eba83c8038eba4
- SHA256
  
  f7e015454587c29aff65c82569e629955eb5e52a3a85b4f3677f9f1bc8ab7500
- SHA512
  
  68c55f8d07d1aa15f8216b2c2c7512cb88d4f92666295a8a84db46b30ac40cb6c4e774650bf41885aff31cc8d49709a05eb5dde2503864354d9c8b0e57f375b6
- SSDEEP
  
  12288:EBM6SzxGSkeNItOGWpvSmimrdh+SZqTSm:WEx5StOGQSyBh+SGx
Score

1^/10
behavioral5 behavioral6
- Target
  
  Tool qM6wr Private v1.exe
- Size
  
  28.9MB
- MD5
  
  90ca79ee599a1b09eb943920f3082c20
- SHA1
  
  0cc10d064322b98adcd51dad213c19d4f9098b15
- SHA256
  
  fa61d4fd3f67c8d1683a5690cf4b7a32aa45bb972fb72a16f8e8795fba9b408b
- SHA512
  
  2d8a6705416d83636210aa5995c4da698aa236657a3362f3ae0cb5a769a0fd952105d4e5925c7f8996a3bad9e157c128ee3cb8714470f51e72c9d7616122f204
- SSDEEP
  
  393216:Kyyhyp9FO5XQXQXUMSecOvuOvQkNSJW6sGfusGfusGfusGfusGfpcsjPqf72QaP0:Kyyh+hMSliSJWNG5G5G5G5GGnKGZ
Score

7^/10

agilenet discovery
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral7 behavioral8
- Target
  
  llk2.exe
- Size
  
  197KB
- MD5
  
  0e0cfb1529bbf556f107967c4ebae5ee
- SHA1
  
  c8764f32d617224951c191d8a7624cb6f4a6fc35
- SHA256
  
  2b838fa014c5dc66cc5f787ec57d6ea89b2700a70d60644e721fcb68d9df4b69
- SHA512
  
  f4194d0d117674be83e0ba29a9bd49292f744f68ba839697fe98c23d1244839c6e83a8ceadcfd0db43ff997af4879ec692620e7c0ca976516315e456a29bc185
- SSDEEP
  
  3072:qohlBAxWU6iTDnLtOQrqT5iu2h8baRYX2NCaFcRu7QlSnoTLGAlrSFDCrlfvGSR4:qohlBAxWODnLttr4Ew3rOWhmS
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratagilenetdiscoverytrojan

behavioral2

njratagilenetdiscoverytrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

agilenetdiscovery

behavioral8

agilenetdiscovery

behavioral9

behavioral10