General

  • Target: fb72f0591e5f80de93a65963c595ba36_JaffaCakes118
  • Size: 509KB
  • Sample: 240419-3xrgasbf6y
  • MD5: fb72f0591e5f80de93a65963c595ba36
  • SHA1: e5ec5663d0d82c21d87651b8484ffd023dfde090
  • SHA256: dea61f818fc8d46e9e08f10e077680c46b55eed4ac519fe8223370a63dc17b8c
  • SHA512: 73c7a9421e591bedbf2a8e83039014aec59a8c1ccf111db1aa9977a4c6c1b687a40b9d96261ff5471ab92e82c7092436720e3228f882927b54bbdc5c545681c8
  • SSDEEP: 12288:b18VfZlx7rrW4GrPKmVzlDDABu6AKVeLv7P8Tgkalm+btGMvVyeTEk9GmLMwJC5J:CWhXvMhE6

Malware Config

  Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: HacKed
  • C2: doza122.con-ip.com:5552
  • Mutex: 68a4a42151e9c45f922a140954d9441d
  • Attributes
    • reg_key: 68a4a42151e9c45f922a140954d9441d
    • splitter: |'|'|

Targets

    • Target: fb72f0591e5f80de93a65963c595ba36_JaffaCakes118

    • njRAT/Bladabindi: widely used RAT written in .NET.
    • Modifies Windows Firewall
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                                ID          Count
  --------------------  ---------------------------------------  ----------  -----
  Persistence           Create or Modify System Process          T1543       1
                          Windows Service                        T1543.003   1
                        Boot or Logon Autostart Execution        T1547       1
                          Registry Run Keys / Startup Folder     T1547.001   1
  Privilege Escalation  Create or Modify System Process          T1543       1
                          Windows Service                        T1543.003   1
                        Boot or Logon Autostart Execution        T1547       1
                          Registry Run Keys / Startup Folder     T1547.001   1
  Defense Evasion       Impair Defenses                          T1562       1
                          Disable or Modify System Firewall      T1562.004   1
                        Modify Registry                          T1112       1
  Discovery             Query Registry                           T1012       1
                        System Information Discovery             T1082       2

Tasks