njrat | 3c90f7e66714f9cf7b2912e62a5772d0b47d0548bfa92376ebc5fa08cbc21a4e | Triage

Sharing

General

Target

f12d0d690b86148cce1f7d01911b5359_JaffaCakes118
Size

760KB
Sample

240922-dtzk3azbkc
MD5

f12d0d690b86148cce1f7d01911b5359
SHA1

34cba5dc1de74d656c2b6e52789779689ff5d967
SHA256

3c90f7e66714f9cf7b2912e62a5772d0b47d0548bfa92376ebc5fa08cbc21a4e
SHA512

95405496452b02225c2c292f53382e762adc0ea2a9cb9c07b9cd00a34d1405f27a5c3e4f928810b6b887dff71ff0a95faa09e41292078f1609dea5a9cdae1ab5
SSDEEP

12288:JcrNS33L10QdrXZT+tcWn0s6tKWOj4f1cfS4yWr9ousp1oRUr5jjo/:0NA3R5drX/W9tWqWSSSvU1oi4

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

2.tcp.ngrok.io:18729

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  f12d0d690b86148cce1f7d01911b5359_JaffaCakes118
- Size
  
  760KB
- MD5
  
  f12d0d690b86148cce1f7d01911b5359
- SHA1
  
  34cba5dc1de74d656c2b6e52789779689ff5d967
- SHA256
  
  3c90f7e66714f9cf7b2912e62a5772d0b47d0548bfa92376ebc5fa08cbc21a4e
- SHA512
  
  95405496452b02225c2c292f53382e762adc0ea2a9cb9c07b9cd00a34d1405f27a5c3e4f928810b6b887dff71ff0a95faa09e41292078f1609dea5a9cdae1ab5
- SSDEEP
  
  12288:JcrNS33L10QdrXZT+tcWn0s6tKWOj4f1cfS4yWr9ousp1oRUr5jjo/:0NA3R5drX/W9tWqWSSSvU1oi4
Score

10^/10

njrat hacked discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

njrathackeddiscoverypersistencetrojan