njrat | cbf9299727f0613de3e3a19448c11caed02e55a3b36fa95f430845e623424d20 | Triage

Sharing

General

Target

JaffaCakes118_69eb0832d98c83d5c94c474a0ca6aad0
Size

901KB
Sample

250103-dvtq7sxmat
MD5

69eb0832d98c83d5c94c474a0ca6aad0
SHA1

c8ae980629adc9f1574e8a286816b51cdbf1e7e2
SHA256

cbf9299727f0613de3e3a19448c11caed02e55a3b36fa95f430845e623424d20
SHA512

429a634a50f3a36dfe48eb8469e9cbd001333e0b1b53875f9e4d5955ac6ae6bfb44909ffd5747fea7bf215c81369207cc9dd5892f7d975ffd8bfef14c3d43105
SSDEEP

24576:yu6Jx3O0c+JY5UZ+XC0kGso/Wa4qRhRWY:0I0c++OCvkGsUWa45Y

Score

10^/10

njrat صكار اسرائيل discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

صكار اسرائيل

C2

loosseer1212.no-ip.biz:1177

Mutex

fda1b53348dc22221dca87be5f572ecd

Attributes

reg_key
fda1b53348dc22221dca87be5f572ecd
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_69eb0832d98c83d5c94c474a0ca6aad0
- Size
  
  901KB
- MD5
  
  69eb0832d98c83d5c94c474a0ca6aad0
- SHA1
  
  c8ae980629adc9f1574e8a286816b51cdbf1e7e2
- SHA256
  
  cbf9299727f0613de3e3a19448c11caed02e55a3b36fa95f430845e623424d20
- SHA512
  
  429a634a50f3a36dfe48eb8469e9cbd001333e0b1b53875f9e4d5955ac6ae6bfb44909ffd5747fea7bf215c81369207cc9dd5892f7d975ffd8bfef14c3d43105
- SSDEEP
  
  24576:yu6Jx3O0c+JY5UZ+XC0kGso/Wa4qRhRWY:0I0c++OCvkGsUWa45Y
Score

10^/10

njrat صكار اسرائيل discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratصكار اسرائيلdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratصكار اسرائيلdiscoveryevasionpersistenceprivilege_escalationtrojan