njrat | cbf31fa68fe0267f1d43837f5229d473d8b9f46a1d2d7156676e7fdbb8531fc7 | Triage

Sharing

General

Target

JaffaCakes118_7dc2a638ded88fd1da4dae0dce0b5fe5
Size

103KB
Sample

250107-2xl15ssnfy
MD5

7dc2a638ded88fd1da4dae0dce0b5fe5
SHA1

ef5eaafbdec8e89ad3b88650d9866d6268363698
SHA256

cbf31fa68fe0267f1d43837f5229d473d8b9f46a1d2d7156676e7fdbb8531fc7
SHA512

c58dbac5d498045dabf93530d2df0a91783458b15596c8cc0a27c3093674b85c5f884de88f13babb722d8fe94cc0d420f81f5993c3264298359701e2df6b0395
SSDEEP

1536:J7SbmW9xXfy0AeX9kSNvnyY21oFhWzc9PkykrIxFZEb8t/Fp:J7SbJ9ZX9kqKY21Bqk0Zt

Score

10^/10

njrat discovery trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_7dc2a638ded88fd1da4dae0dce0b5fe5
- Size
  
  103KB
- MD5
  
  7dc2a638ded88fd1da4dae0dce0b5fe5
- SHA1
  
  ef5eaafbdec8e89ad3b88650d9866d6268363698
- SHA256
  
  cbf31fa68fe0267f1d43837f5229d473d8b9f46a1d2d7156676e7fdbb8531fc7
- SHA512
  
  c58dbac5d498045dabf93530d2df0a91783458b15596c8cc0a27c3093674b85c5f884de88f13babb722d8fe94cc0d420f81f5993c3264298359701e2df6b0395
- SSDEEP
  
  1536:J7SbmW9xXfy0AeX9kSNvnyY21oFhWzc9PkykrIxFZEb8t/Fp:J7SbJ9ZX9kqKY21Bqk0Zt
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan