njrat | 2991b783825b8456579525b03cd9274ad74412c247963062663dafa71c68164b | Triage

Sharing

General

Target

f6027875a09ed3bcf34ea949820503a2_JaffaCakes118
Size

707KB
Sample

240925-plfzjaybpf
MD5

f6027875a09ed3bcf34ea949820503a2
SHA1

f4822d9d58c34a34aecf649fa40a0cddbb93d34b
SHA256

2991b783825b8456579525b03cd9274ad74412c247963062663dafa71c68164b
SHA512

c2af77b35fced52547bafb1a31b4e92ca36eeb11aed4eb354cc803c4ebbd6ffd487e33dd44b6eed8566d12f1f90983023e188fa91a133d13ac58114588a93627
SSDEEP

12288:23pzVHgopJkemMSNaNyVyreJTPnt8NIu5P/ohxzQe18OLRX3YZc6RbHn:Mz9gopFmMSNagUGTPnt8Nx5Yhx9ltsX

Score

10^/10

njrat discovery trojan

Malware Config

Targets

- Target
  
  f6027875a09ed3bcf34ea949820503a2_JaffaCakes118
- Size
  
  707KB
- MD5
  
  f6027875a09ed3bcf34ea949820503a2
- SHA1
  
  f4822d9d58c34a34aecf649fa40a0cddbb93d34b
- SHA256
  
  2991b783825b8456579525b03cd9274ad74412c247963062663dafa71c68164b
- SHA512
  
  c2af77b35fced52547bafb1a31b4e92ca36eeb11aed4eb354cc803c4ebbd6ffd487e33dd44b6eed8566d12f1f90983023e188fa91a133d13ac58114588a93627
- SSDEEP
  
  12288:23pzVHgopJkemMSNaNyVyreJTPnt8NIu5P/ohxzQe18OLRX3YZc6RbHn:Mz9gopFmMSNagUGTPnt8Nx5Yhx9ltsX
Score

10^/10

njrat discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan