njrat | 0eb998e122d7da2a5b25e06334a67011cada36a0e9f8faf7459aaa410501fab2 | Triage

Submit
Reports

Overview

overview

Static

static

3

921f017a81...18.exe

windows7-x64

921f017a81...18.exe

windows10-2004-x64

Sharing

General

Target

921f017a81f6d5b9ef1f7c02456ae2ed_JaffaCakes118
Size

647KB
Sample

241124-daerjswpfk
MD5

921f017a81f6d5b9ef1f7c02456ae2ed
SHA1

0150383f1d396e3d8ae6cba10931c40631074a18
SHA256

0eb998e122d7da2a5b25e06334a67011cada36a0e9f8faf7459aaa410501fab2
SHA512

3d70d51524e45579db11a32148338767310df164828a3b7bfdd8e20cc6a41ca4136b33cc1646d12f902d4d031e29e344b414b863be1f0e7d746374ff4d1cc8e1
SSDEEP

12288:IWAtyUBBIZ+T4nX03dvxlO6n/LJaJGHoAu/5G4CZUqejc+:FzyT3dvbO6nzJaJyoAMQ4CZUF

Score

10^/10

njrat miki discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

921f017a81f6d5b9ef1f7c02456ae2ed_JaffaCakes118.exe

Resource

win7-20240729-en

njrat miki discovery trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

921f017a81f6d5b9ef1f7c02456ae2ed_JaffaCakes118.exe

Resource

win10v2004-20241007-en

njrat miki discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Miki

C2

miki228.no-ip.biz:3333

Mutex

cd89814ed610dfb76df931218aa9422a

Attributes

reg_key
cd89814ed610dfb76df931218aa9422a
splitter
|'|'|

Targets

- Target
  
  921f017a81f6d5b9ef1f7c02456ae2ed_JaffaCakes118
- Size
  
  647KB
- MD5
  
  921f017a81f6d5b9ef1f7c02456ae2ed
- SHA1
  
  0150383f1d396e3d8ae6cba10931c40631074a18
- SHA256
  
  0eb998e122d7da2a5b25e06334a67011cada36a0e9f8faf7459aaa410501fab2
- SHA512
  
  3d70d51524e45579db11a32148338767310df164828a3b7bfdd8e20cc6a41ca4136b33cc1646d12f902d4d031e29e344b414b863be1f0e7d746374ff4d1cc8e1
- SSDEEP
  
  12288:IWAtyUBBIZ+T4nX03dvxlO6n/LJaJGHoAu/5G4CZUqejc+:FzyT3dvbO6nzJaJyoAMQ4CZUF
Score

10^/10

njrat miki discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmikidiscoverytrojan

behavioral2

njratmikidiscoverytrojan

© 2018-2025

Terms | Privacy