njrat | e987fbe9bd2c08c0b5074ae527a8ee581ebfc4ec09ea6040a04b9a1b3ec756d7 | Triage

Sharing

General

Target

JaffaCakes118_7d0d3ed7753323cf57633e0922144df2
Size

190KB
Sample

250107-2lbe9ssjfv
MD5

7d0d3ed7753323cf57633e0922144df2
SHA1

660f346f2551fd9df9e8c6085c474fd15c7abddc
SHA256

e987fbe9bd2c08c0b5074ae527a8ee581ebfc4ec09ea6040a04b9a1b3ec756d7
SHA512

9fcbae5249d9c11b16a3562206be742b05ff888d44591359cc63d4ef5147b177b4a9dd3caae9f379f1f3125cce59fcbbe68d32f0f1349bd680751cfd856d08eb
SSDEEP

3072:hupjxpGPQvZKwsD3KEFCIZtJAfBMIn8EBvud2ZsorFRXoOTqJBVcBry:0xpHvswsD379zaqy1WEZVnooqir

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_7d0d3ed7753323cf57633e0922144df2
- Size
  
  190KB
- MD5
  
  7d0d3ed7753323cf57633e0922144df2
- SHA1
  
  660f346f2551fd9df9e8c6085c474fd15c7abddc
- SHA256
  
  e987fbe9bd2c08c0b5074ae527a8ee581ebfc4ec09ea6040a04b9a1b3ec756d7
- SHA512
  
  9fcbae5249d9c11b16a3562206be742b05ff888d44591359cc63d4ef5147b177b4a9dd3caae9f379f1f3125cce59fcbbe68d32f0f1349bd680751cfd856d08eb
- SSDEEP
  
  3072:hupjxpGPQvZKwsD3KEFCIZtJAfBMIn8EBvud2ZsorFRXoOTqJBVcBry:0xpHvswsD379zaqy1WEZVnooqir
Score

10^/10

njrat discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan