njrat | e230d46fe87f369b751eeae4b7cf25eee9791078ffcc56862047b9ac3466c510

General

Target

JaffaCakes118_7c004d925fe9c646fb1e7044e18d46a0
Size

282KB
Sample

250104-1t2rrayrd1
MD5

7c004d925fe9c646fb1e7044e18d46a0
SHA1

cbc7c64a532c435744210ed31f4edb2376233bc9
SHA256

e230d46fe87f369b751eeae4b7cf25eee9791078ffcc56862047b9ac3466c510
SHA512

4763640767f6b61711dcd42539e298087824200b80bf593f8ccdc837326f8b370f1987c3664f672909bd7944fc1d268ef5614a9a3432dda6b28043313e220a2f
SSDEEP

3072:PWoy0+w6w8HWRzT0ckkmmEKe1BzJhUMIpvz28MDh9x5gn+3ZTyMzuJNxEPBrH3MT:wW

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_7c004d925fe9c646fb1e7044e18d46a0
- Size
  
  282KB
- MD5
  
  7c004d925fe9c646fb1e7044e18d46a0
- SHA1
  
  cbc7c64a532c435744210ed31f4edb2376233bc9
- SHA256
  
  e230d46fe87f369b751eeae4b7cf25eee9791078ffcc56862047b9ac3466c510
- SHA512
  
  4763640767f6b61711dcd42539e298087824200b80bf593f8ccdc837326f8b370f1987c3664f672909bd7944fc1d268ef5614a9a3432dda6b28043313e220a2f
- SSDEEP
  
  3072:PWoy0+w6w8HWRzT0ckkmmEKe1BzJhUMIpvz28MDh9x5gn+3ZTyMzuJNxEPBrH3MT:wW
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Njrat family

njRAT/Bladabindi

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2