njrat | 9dd781011a949fc71a72f5f34b14f7a862a1b530d9cf5ad516aad2e7dcf52c60 | Triage

Sharing

General

Target

JaffaCakes118_69f29a8cb60aa6cf1c6caab6ab6a4a5f
Size

99KB
Sample

250107-sjkfqayjaq
MD5

69f29a8cb60aa6cf1c6caab6ab6a4a5f
SHA1

935243828007ecbec099735ace9e499a2b1aefa4
SHA256

9dd781011a949fc71a72f5f34b14f7a862a1b530d9cf5ad516aad2e7dcf52c60
SHA512

28f56a0a02d440a1a24340b58eafe01fa37d4499bac5bc43850368f749308dff59f41f6b66ac8491c7b7838c3ba99643c5eb47ff025d89828c64faabaa69e0ec
SSDEEP

1536:CzIElEkSCxdMK3olT5+oabxtyq9F2to9rO1wR22IFqK6vlFLlrK:CzIEuEdd3oh5CEGU3XwE

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.11.141:5552

Mutex

78aba1c78ff26f1db3f972471aed1aa2

Attributes

reg_key
78aba1c78ff26f1db3f972471aed1aa2
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_69f29a8cb60aa6cf1c6caab6ab6a4a5f
- Size
  
  99KB
- MD5
  
  69f29a8cb60aa6cf1c6caab6ab6a4a5f
- SHA1
  
  935243828007ecbec099735ace9e499a2b1aefa4
- SHA256
  
  9dd781011a949fc71a72f5f34b14f7a862a1b530d9cf5ad516aad2e7dcf52c60
- SHA512
  
  28f56a0a02d440a1a24340b58eafe01fa37d4499bac5bc43850368f749308dff59f41f6b66ac8491c7b7838c3ba99643c5eb47ff025d89828c64faabaa69e0ec
- SSDEEP
  
  1536:CzIElEkSCxdMK3olT5+oabxtyq9F2to9rO1wR22IFqK6vlFLlrK:CzIEuEdd3oh5CEGU3XwE
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2

njrathackeddiscoverytrojan