njrat | c495216aa993b75c2e7929d5f35709ec5367eb705dd90ea05825a3951d03b4b1 | Triage

Sharing

General

Target

JaffaCakes118_06dcd4401eaeb4cf01f7df9296cb67fe
Size

175KB
Sample

250106-bzy6da1qas
MD5

06dcd4401eaeb4cf01f7df9296cb67fe
SHA1

a81e1381a8dea63ec3fe50547390965caad10a16
SHA256

c495216aa993b75c2e7929d5f35709ec5367eb705dd90ea05825a3951d03b4b1
SHA512

7cc72220793df813b09475a713081d8c35509ff06162faa47921d963e903bb07ff0f8ad9216e71e3b694914420f61cdf1031f11dbeb126d70bb14973aa24ab69
SSDEEP

3072:MRbEC2Oi8NXC797F8TBfFvj4bq5790sR+hsUDOj20:M2C2F8NXC796TB9vj489Jes+Oj7

Score

10^/10

njrat discovery trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_06dcd4401eaeb4cf01f7df9296cb67fe
- Size
  
  175KB
- MD5
  
  06dcd4401eaeb4cf01f7df9296cb67fe
- SHA1
  
  a81e1381a8dea63ec3fe50547390965caad10a16
- SHA256
  
  c495216aa993b75c2e7929d5f35709ec5367eb705dd90ea05825a3951d03b4b1
- SHA512
  
  7cc72220793df813b09475a713081d8c35509ff06162faa47921d963e903bb07ff0f8ad9216e71e3b694914420f61cdf1031f11dbeb126d70bb14973aa24ab69
- SSDEEP
  
  3072:MRbEC2Oi8NXC797F8TBfFvj4bq5790sR+hsUDOj20:M2C2F8NXC796TB9vj489Jes+Oj7
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan