njrat | 93acb9535c462ac183f0210a512a912040e4704d73fc5b10e7ff8069e1551414 | Triage

Sharing

General

Target

JaffaCakes118_ffa824237f259118c06d3b9f5ae4aa60
Size

157KB
Sample

250111-na2lesxpcv
MD5

ffa824237f259118c06d3b9f5ae4aa60
SHA1

316144e70077452e586aa94f238c224d0733283a
SHA256

93acb9535c462ac183f0210a512a912040e4704d73fc5b10e7ff8069e1551414
SHA512

9f38e15fb2ed11591d91915fb509ccdbab952f7ef349f3026ab719101255a0467f926c665d6c2b25bd9e356abad27bf9e9c21e2669c5fc843227fa5b5f28a4fe
SSDEEP

3072:l7qI/o7bD02U+jX6UB0dE6UvCGKowohV19QAqZvgc6ld:qr0j+D6U6pH49QtZ4rld

Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_ffa824237f259118c06d3b9f5ae4aa60
- Size
  
  157KB
- MD5
  
  ffa824237f259118c06d3b9f5ae4aa60
- SHA1
  
  316144e70077452e586aa94f238c224d0733283a
- SHA256
  
  93acb9535c462ac183f0210a512a912040e4704d73fc5b10e7ff8069e1551414
- SHA512
  
  9f38e15fb2ed11591d91915fb509ccdbab952f7ef349f3026ab719101255a0467f926c665d6c2b25bd9e356abad27bf9e9c21e2669c5fc843227fa5b5f28a4fe
- SSDEEP
  
  3072:l7qI/o7bD02U+jX6UB0dE6UvCGKowohV19QAqZvgc6ld:qr0j+D6U6pH49QtZ4rld
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

njratdiscoveryevasionpersistenceprivilege_escalationtrojan