njrat | 16dd470cb509378fa66178d54a2376f26c204a8d7742eeacd746106aa8fb43a2 | Triage

Sharing

General

Target

21a041665739c2c913f293f0d8085e0d_JaffaCakes118
Size

6.9MB
Sample

241008-p5aa4ayapp
MD5

21a041665739c2c913f293f0d8085e0d
SHA1

bfc0dcdab5efeb5cfc6ea38f2f7ad40a3e5e8d4e
SHA256

16dd470cb509378fa66178d54a2376f26c204a8d7742eeacd746106aa8fb43a2
SHA512

6b0e104e2f3826bf9300866a02b7249f2ed0cc111f76f8c786f84be8af7b647257e7ac542babfecbb6d8a702ae779d74821bcdf39db26b67622a77ce302d6100
SSDEEP

196608:mezqgNY2R7H8FCp3u1685Gkip0hyL0HV:mez/W2tcoN0guI0H

Score

10^/10

njrat ??????discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

??????

C2

5.166.121.239:15

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  21a041665739c2c913f293f0d8085e0d_JaffaCakes118
- Size
  
  6.9MB
- MD5
  
  21a041665739c2c913f293f0d8085e0d
- SHA1
  
  bfc0dcdab5efeb5cfc6ea38f2f7ad40a3e5e8d4e
- SHA256
  
  16dd470cb509378fa66178d54a2376f26c204a8d7742eeacd746106aa8fb43a2
- SHA512
  
  6b0e104e2f3826bf9300866a02b7249f2ed0cc111f76f8c786f84be8af7b647257e7ac542babfecbb6d8a702ae779d74821bcdf39db26b67622a77ce302d6100
- SSDEEP
  
  196608:mezqgNY2R7H8FCp3u1685Gkip0hyL0HV:mez/W2tcoN0guI0H
Score

10^/10

njrat ??????discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat??????discoverypersistencetrojan