njrat | 6a3cd0efa35f0834f1c0435c1c051da5e128988e08cead8d9c82a57da2bf4c80 | Triage

Sharing

General

Target

JaffaCakes118_c48758624af273af2d9876834c31a3d8
Size

111KB
Sample

250109-lcg9fsxrgn
MD5

c48758624af273af2d9876834c31a3d8
SHA1

1a35126b5bbc2b47b9e772eee2969b206c32e5bc
SHA256

6a3cd0efa35f0834f1c0435c1c051da5e128988e08cead8d9c82a57da2bf4c80
SHA512

9b8f8e2d498c28efce4431220a1557e67db02fabf70b4097902ce85e7709af39c0f23d9556256df9b7a46b1f69bc05e9a64c1b2e07a5f2a81b34f14f0aabfc90
SSDEEP

1536:C8OCPjUq4QRwDBWtTcnNzmWb3Aq3Gh5nRdWKA3oM6:C8yq4gwDBWtTcBrbLGmKAYM6

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.11.141:5552

Mutex

78aba1c78ff26f1db3f972471aed1aa2

Attributes

reg_key
78aba1c78ff26f1db3f972471aed1aa2
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_c48758624af273af2d9876834c31a3d8
- Size
  
  111KB
- MD5
  
  c48758624af273af2d9876834c31a3d8
- SHA1
  
  1a35126b5bbc2b47b9e772eee2969b206c32e5bc
- SHA256
  
  6a3cd0efa35f0834f1c0435c1c051da5e128988e08cead8d9c82a57da2bf4c80
- SHA512
  
  9b8f8e2d498c28efce4431220a1557e67db02fabf70b4097902ce85e7709af39c0f23d9556256df9b7a46b1f69bc05e9a64c1b2e07a5f2a81b34f14f0aabfc90
- SSDEEP
  
  1536:C8OCPjUq4QRwDBWtTcnNzmWb3Aq3Gh5nRdWKA3oM6:C8yq4gwDBWtTcBrbLGmKAYM6
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2

njrathackeddiscoverytrojan