njrat | 1788872a46f28d6e1593df23c4502bc5834b9f41f9e544b74848aea6913939ba | Triage

Sharing

General

Target

c87001299a6b8f5e31816b5fe5689f77_JaffaCakes118
Size

43KB
Sample

241205-tcqjtsxmfq
MD5

c87001299a6b8f5e31816b5fe5689f77
SHA1

0f9dd0039bd8e59f153b9fee598f97eb21e0677c
SHA256

1788872a46f28d6e1593df23c4502bc5834b9f41f9e544b74848aea6913939ba
SHA512

bcbd0f94f17f60a9ab894077f23afe165a423abcc046e6edcc58860b8fbe01b47f221749a6af630abdab06443388986667639075e724ace7f82a627078ee97ba
SSDEEP

384:2Zy0KNUst+3gUy6L7nCCCE8b9JszQIij+ZsNO3PlpJKkkjh/TzF7pWnL0greT0pe:s8wQh6PnlWbuuXQ/oCQ+L

Score

10^/10

njrat dolbaeb@discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

dolbaeb@

C2

aronakich.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  c87001299a6b8f5e31816b5fe5689f77_JaffaCakes118
- Size
  
  43KB
- MD5
  
  c87001299a6b8f5e31816b5fe5689f77
- SHA1
  
  0f9dd0039bd8e59f153b9fee598f97eb21e0677c
- SHA256
  
  1788872a46f28d6e1593df23c4502bc5834b9f41f9e544b74848aea6913939ba
- SHA512
  
  bcbd0f94f17f60a9ab894077f23afe165a423abcc046e6edcc58860b8fbe01b47f221749a6af630abdab06443388986667639075e724ace7f82a627078ee97ba
- SSDEEP
  
  384:2Zy0KNUst+3gUy6L7nCCCE8b9JszQIij+ZsNO3PlpJKkkjh/TzF7pWnL0greT0pe:s8wQh6PnlWbuuXQ/oCQ+L
Score

10^/10

njrat dolbaeb@discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdolbaeb@discoverypersistencetrojan

behavioral2

njratdolbaeb@discoverypersistencetrojan