njrat | e8648c12edb71ba951b2306a7b235dbdc474f26e33319e8ba7219e4a50dd99bd | Triage

Sharing

General

Target

aeaea6351755710c58f417cb3950fa2c_JaffaCakes118
Size

2.7MB
Sample

241129-eajwyaypem
MD5

aeaea6351755710c58f417cb3950fa2c
SHA1

f70dd0ef55453aab682d9e7e7efb87c690160a9d
SHA256

e8648c12edb71ba951b2306a7b235dbdc474f26e33319e8ba7219e4a50dd99bd
SHA512

8f25389fdf030c6e432fffb73920f7c00bb4343c5f96e7c14743b277edf34f94ee40001912837f268d7191f1b6918d6c21e44d34e95eb6bdf673fd81b95af6ee
SSDEEP

49152:dJZoQrbTFZY1iacKz58Fcw8uaFKnS3Ubv/Ukd1Zau86XwNjI+zJD9PEe7M:dtrbTA1jr8smMkdDd86XwJXdd7M

Score

10^/10

njrat jøoker ħäằäckèr discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

JØoker ĦäằäCkèr

C2

hsn85.no-ip.biz:555

Mutex

8100c3226482ae95a43914b125e72414

Attributes

reg_key
8100c3226482ae95a43914b125e72414
splitter
|'|'|

Targets

- Target
  
  aeaea6351755710c58f417cb3950fa2c_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  aeaea6351755710c58f417cb3950fa2c
- SHA1
  
  f70dd0ef55453aab682d9e7e7efb87c690160a9d
- SHA256
  
  e8648c12edb71ba951b2306a7b235dbdc474f26e33319e8ba7219e4a50dd99bd
- SHA512
  
  8f25389fdf030c6e432fffb73920f7c00bb4343c5f96e7c14743b277edf34f94ee40001912837f268d7191f1b6918d6c21e44d34e95eb6bdf673fd81b95af6ee
- SSDEEP
  
  49152:dJZoQrbTFZY1iacKz58Fcw8uaFKnS3Ubv/Ukd1Zau86XwNjI+zJD9PEe7M:dtrbTA1jr8smMkdDd86XwJXdd7M
Score

10^/10

njrat jøoker ħäằäckèr discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratjøoker ħäằäckèrdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation