njrat | c9b7158b61aa85faaa40ba6188ed612783963f2d67ca61117dd81af3861140de | Triage

Sharing

General

Target

JaffaCakes118_628d18521ab38530da03c31f80c3ddc9
Size

96KB
Sample

250102-en9phssmay
MD5

628d18521ab38530da03c31f80c3ddc9
SHA1

a13468e507598364bb4727725c0f5788ea371ac3
SHA256

c9b7158b61aa85faaa40ba6188ed612783963f2d67ca61117dd81af3861140de
SHA512

08cd9e38da1fceadb42720e287713670d789e12ed517b30ca67c8749ac19553533ad25e22d685f349b7976ac15f3a9f3f57d8b79261e319eb83f625b4004283a
SSDEEP

1536:zHv/gtmQdQWbDt7/xAF8ewaP6/f3I1+EKxtqErD2:z3gtmQdFt/xAhwaPof3IYztD2

Score

10^/10

njrat mmb_im discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MMB_IM

C2

crazy0love.no-ip.info:2222

Mutex

4bee2ac1f11bbf1039ce1d58d3fa0ae7

Attributes

reg_key
4bee2ac1f11bbf1039ce1d58d3fa0ae7
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_628d18521ab38530da03c31f80c3ddc9
- Size
  
  96KB
- MD5
  
  628d18521ab38530da03c31f80c3ddc9
- SHA1
  
  a13468e507598364bb4727725c0f5788ea371ac3
- SHA256
  
  c9b7158b61aa85faaa40ba6188ed612783963f2d67ca61117dd81af3861140de
- SHA512
  
  08cd9e38da1fceadb42720e287713670d789e12ed517b30ca67c8749ac19553533ad25e22d685f349b7976ac15f3a9f3f57d8b79261e319eb83f625b4004283a
- SSDEEP
  
  1536:zHv/gtmQdQWbDt7/xAF8ewaP6/f3I1+EKxtqErD2:z3gtmQdFt/xAhwaPof3IYztD2
Score

10^/10

njrat mmb_im discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmmb_imdiscoverytrojan

behavioral2