njrat | 9664cc9872bacb97ef71f8e338aae99cee8ea9baf05b53b953179bc822c1ec98 | Triage

Sharing

General

Target

JaffaCakes118_64a1305ac55ad2298a5d633a999b5d30
Size

831KB
Sample

250102-m63b6asjak
MD5

64a1305ac55ad2298a5d633a999b5d30
SHA1

b3656b85afb9ed91f690dc45b1f5b57aae59f6d9
SHA256

9664cc9872bacb97ef71f8e338aae99cee8ea9baf05b53b953179bc822c1ec98
SHA512

42dd878b0b79c757bd7f60e4829958924fc377868adf50977ea239976238c12cdb8a23bbe541e8024f632d55c893e18890ed74e867944d25bf467eb6973284fe
SSDEEP

12288:qBWAVE72apD55V2ueryegQ29dIZXQizvuafumQt:qBMQ2Ddp

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

markosi.zapto.org:5552

Mutex

76c71662c3dfdef31fe8f98f838075cc

Attributes

reg_key
76c71662c3dfdef31fe8f98f838075cc
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_64a1305ac55ad2298a5d633a999b5d30
- Size
  
  831KB
- MD5
  
  64a1305ac55ad2298a5d633a999b5d30
- SHA1
  
  b3656b85afb9ed91f690dc45b1f5b57aae59f6d9
- SHA256
  
  9664cc9872bacb97ef71f8e338aae99cee8ea9baf05b53b953179bc822c1ec98
- SHA512
  
  42dd878b0b79c757bd7f60e4829958924fc377868adf50977ea239976238c12cdb8a23bbe541e8024f632d55c893e18890ed74e867944d25bf467eb6973284fe
- SSDEEP
  
  12288:qBWAVE72apD55V2ueryegQ29dIZXQizvuafumQt:qBMQ2Ddp
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2