njrat | da6f282bda21ae7d7672b12038088c5683f4b6c05f651bb8bcce0e50330cd7f0 | Triage

Sharing

General

Target

e89734cb5f03a7205150c1dd2b63f482_JaffaCakes118
Size

1.3MB
Sample

241212-2hp49azkfz
MD5

e89734cb5f03a7205150c1dd2b63f482
SHA1

e13bcecf89bd561fa0dee793c7768e7d905997b4
SHA256

da6f282bda21ae7d7672b12038088c5683f4b6c05f651bb8bcce0e50330cd7f0
SHA512

a43373f0d5ef35317f9ccbd4b5a3269c2fa4ae2247f509e148fe73fd8a0a6a36111b2286bd76553d63696878761a863c536f3b48d8e934953bd9f96a7c39d75c
SSDEEP

24576:9Lf44W9ESiWy9EFFTZdXTZdHXTZdXTZzyQHqVE008sWVmiXMf7OM4pWC7FdT59Dl:uiSTZdXTZdHXTZdXTZzyQKVE0zmDI

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

62.227.124.106:5552

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  e89734cb5f03a7205150c1dd2b63f482_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  e89734cb5f03a7205150c1dd2b63f482
- SHA1
  
  e13bcecf89bd561fa0dee793c7768e7d905997b4
- SHA256
  
  da6f282bda21ae7d7672b12038088c5683f4b6c05f651bb8bcce0e50330cd7f0
- SHA512
  
  a43373f0d5ef35317f9ccbd4b5a3269c2fa4ae2247f509e148fe73fd8a0a6a36111b2286bd76553d63696878761a863c536f3b48d8e934953bd9f96a7c39d75c
- SSDEEP
  
  24576:9Lf44W9ESiWy9EFFTZdXTZdHXTZdXTZzyQHqVE008sWVmiXMf7OM4pWC7FdT59Dl:uiSTZdXTZdHXTZdXTZzyQKVE0zmDI
Score

10^/10

njrat hacked discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

njrathackeddiscoverypersistencetrojan