njrat | e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9 | Triage

Sharing

General

Target

f59de44b51e940063ae0e918a64e5038_JaffaCakes118
Size

25KB
Sample

240925-kjpfnsydme
MD5

f59de44b51e940063ae0e918a64e5038
SHA1

85e2dc244271db156564009ed0cab7a1746626ad
SHA256

e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9
SHA512

2d10b0446f74d03c4813399fab386f6d2a3420a3a4f4dcbcd2d6f770aa24302a202faa450b34b9b64a1abaa238ba4bd9e7e5731bd7ccc81c36afba78f250ab36
SSDEEP

768:svp2fcEUdK5xGnQ8wf5jgcvurl2pEhcf5c+8eDbAlnBodB:QocdQjGn0fZTEhchcF9Bs

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.ngrok.io:11485

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  f59de44b51e940063ae0e918a64e5038_JaffaCakes118
- Size
  
  25KB
- MD5
  
  f59de44b51e940063ae0e918a64e5038
- SHA1
  
  85e2dc244271db156564009ed0cab7a1746626ad
- SHA256
  
  e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9
- SHA512
  
  2d10b0446f74d03c4813399fab386f6d2a3420a3a4f4dcbcd2d6f770aa24302a202faa450b34b9b64a1abaa238ba4bd9e7e5731bd7ccc81c36afba78f250ab36
- SSDEEP
  
  768:svp2fcEUdK5xGnQ8wf5jgcvurl2pEhcf5c+8eDbAlnBodB:QocdQjGn0fZTEhchcF9Bs
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan