njrat | a3a30a8a88866a0e3d8d9dc723926ab6aed597f93553b4ea893ba6833994ca5f | Triage

Sharing

General

Target

JaffaCakes118_a3a30a8a88866a0e3d8d9dc723926ab6aed597f93553b4ea893ba6833994ca5f
Size

12KB
Sample

241225-a6ejwasmay
MD5

fc6e899ae5eeaa781bf48915defc7873
SHA1

b6740b3bbf4a8b6057a317dbb260233b99e1b352
SHA256

a3a30a8a88866a0e3d8d9dc723926ab6aed597f93553b4ea893ba6833994ca5f
SHA512

ebcb740529c753f08c11e3bdd667d4049e3d5057395ad5583c7ecbd3c09247d9933e375bece88c87cccee58d8830a8b30ac50428a446292dbb6d2e59cc422485
SSDEEP

384:bVsPzL2bp5XjxqUJAfjwnxnsAviVe4iwRUa4dEW:bV7bbXjxjKfOswiA4iwR2EW

Score

10^/10

njrat alllogs discovery

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

ALLLOGS

C2

rendomaname.duckdns.org:7474

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  sample.bin
- Size
  
  27KB
- MD5
  
  665ec018a239fca7d6745c590a5610c2
- SHA1
  
  4bb1e8388d2508cc07363be0a26849c50f7685d3
- SHA256
  
  dd2b45ae8c212c2870994a9069d600b93e84bba19bb9b4c7d1d3e6ca260b0361
- SHA512
  
  a01ad80a17c2d3b09008f0e7ab527153920d57873f711915f0d4962d95d6c248d6414a5e02aef1892b238d468de8f04fb609b34032a9ce2bc133869d99f6c134
- SSDEEP
  
  384:hLjkbV23m4AfVBol22CoP6udRNMpAQk93vmhm7UMKmIEecKdbXTzm9bVhca96hrZ:BjeJ7gEpA/vMHTi9bD
Score

7^/10

discovery
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2