General

  • Target

    fc8d5338f19d511c0a4459b58e5f7443_JaffaCakes118

  • Size

    56KB

  • Sample

    240420-mjnkgseh81

  • MD5

    fc8d5338f19d511c0a4459b58e5f7443

  • SHA1

    85161dc783dd0c62ae9413dc5626ba136cf8f1ad

  • SHA256

    5d5ab9ba6dea4c9d49adfff2cb09ae618b494ca21623d5ad73a5d44a0557bf45

  • SHA512

    1dbed83089c42afbbcb47f0839643dd668aad59236b59d2aac57147c8f2cff4f61e6a0481f9f6051aaf227563853560dc20f5298acd3674a8c488974d129100b

  • SSDEEP

    768:LnDAnq2cxGmfZ1RaeppNs/9W9jK16+DSpseGvzmtRBdo7q8vm:Lknq2UG0Z1RaWNs/Q9k7CsDvgBdo7qd

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    89.34.99.133:1202

  • Mutex

    fc19433d210e3d2d82d190a84dd3ce6c

  • Attributes

      • reg_key

        fc19433d210e3d2d82d190a84dd3ce6c

      • splitter

        |'|'|

Targets

    • Target

      fc8d5338f19d511c0a4459b58e5f7443_JaffaCakes118

    • Size

      56KB

    • MD5

      fc8d5338f19d511c0a4459b58e5f7443

    • SHA1

      85161dc783dd0c62ae9413dc5626ba136cf8f1ad

    • SHA256

      5d5ab9ba6dea4c9d49adfff2cb09ae618b494ca21623d5ad73a5d44a0557bf45

    • SHA512

      1dbed83089c42afbbcb47f0839643dd668aad59236b59d2aac57147c8f2cff4f61e6a0481f9f6051aaf227563853560dc20f5298acd3674a8c488974d129100b

    • SSDEEP

      768:LnDAnq2cxGmfZ1RaeppNs/9W9jK16+DSpseGvzmtRBdo7q8vm:Lknq2UG0Z1RaWNs/Q9k7CsDvgBdo7qd

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

      Create or Modify System Process (T1543): 1
      Windows Service (T1543.003): 1
      Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

      Create or Modify System Process (T1543): 1
      Windows Service (T1543.003): 1
      Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

      Impair Defenses (T1562): 1
      Disable or Modify System Firewall (T1562.004): 1
      Modify Registry (T1112): 1

  • Discovery

      Query Registry (T1012): 1
      System Information Discovery (T1082): 2

Tasks