njrat | 6390420606e1cc53a9b1b4e0f5de74579b0d7f8e6a5764e756a5834a6e8e4ef1 | Triage

Sharing

General

Target

60ba21859995cc58f4c83f517f404e7f_JaffaCakes118
Size

2.0MB
Sample

241020-gtc9lsvdrl
MD5

60ba21859995cc58f4c83f517f404e7f
SHA1

08ba459aa1703b30c438a697a1b4a928b535659e
SHA256

6390420606e1cc53a9b1b4e0f5de74579b0d7f8e6a5764e756a5834a6e8e4ef1
SHA512

0932af47841221151545548b6d8abdd312e1da29f44586025f792c1b8476c1c8464193fbd3d16a060537494622c6b2f6a2dcd4e9e73f71ead6c651d00f42db02
SSDEEP

49152:JTQhtsJUzvV9JlAaQWCt4oMXvQdUide+viDz372y7S7:VqFzt9ca9Ct4e5dNgzA

Score

10^/10

njrat persistence trojan

Malware Config

Extracted

Family

njrat

Version

Stub

Mutex

fiouyasgdhiyfo

Attributes

reg_key
fiouyasgdhiyfo
splitter
|'|'|

Targets

- Target
  
  60ba21859995cc58f4c83f517f404e7f_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  60ba21859995cc58f4c83f517f404e7f
- SHA1
  
  08ba459aa1703b30c438a697a1b4a928b535659e
- SHA256
  
  6390420606e1cc53a9b1b4e0f5de74579b0d7f8e6a5764e756a5834a6e8e4ef1
- SHA512
  
  0932af47841221151545548b6d8abdd312e1da29f44586025f792c1b8476c1c8464193fbd3d16a060537494622c6b2f6a2dcd4e9e73f71ead6c651d00f42db02
- SSDEEP
  
  49152:JTQhtsJUzvV9JlAaQWCt4oMXvQdUide+viDz372y7S7:VqFzt9ca9Ct4e5dNgzA
Score

10^/10

njrat trojan persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratpersistencetrojan