njrat | ebc6f84e9b1af651b91f5c243258eef12de812eff11ff8503534a01547018995 | Triage

Sharing

General

Target

f5071ca408e2d06f8bff28d19a23c246_JaffaCakes118
Size

246KB
Sample

240925-dh1c8a1drj
MD5

f5071ca408e2d06f8bff28d19a23c246
SHA1

9f08503a58f3a7caa76187d016aee94a219c442e
SHA256

ebc6f84e9b1af651b91f5c243258eef12de812eff11ff8503534a01547018995
SHA512

e18f3389245957854ab1c83cbbad99db6c94410f4ea1ba425348acefdacf98df6de1a50b790ee0c174c1a99b22698596c1ad66c4cec3d3b37ad85ecb87c8df7d
SSDEEP

3072:SotsPanE1UUbQn07QwrQAzArT4HI7k6YsPlCVu/1k6amtZXuxHetsZaclNxd2j:SFUcgOs1f70IYmtsHmsnXd2

Score

10^/10

njrat office discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Office

C2

160.116.15.134:3361

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
1122

Targets

- Target
  
  f5071ca408e2d06f8bff28d19a23c246_JaffaCakes118
- Size
  
  246KB
- MD5
  
  f5071ca408e2d06f8bff28d19a23c246
- SHA1
  
  9f08503a58f3a7caa76187d016aee94a219c442e
- SHA256
  
  ebc6f84e9b1af651b91f5c243258eef12de812eff11ff8503534a01547018995
- SHA512
  
  e18f3389245957854ab1c83cbbad99db6c94410f4ea1ba425348acefdacf98df6de1a50b790ee0c174c1a99b22698596c1ad66c4cec3d3b37ad85ecb87c8df7d
- SSDEEP
  
  3072:SotsPanE1UUbQn07QwrQAzArT4HI7k6YsPlCVu/1k6amtZXuxHetsZaclNxd2j:SFUcgOs1f70IYmtsHmsnXd2
Score

10^/10

discovery njrat office trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratofficediscoverytrojan