General

  • Target

    01be0f63b83a3f8be45183cd82cd00d6_JaffaCakes118

  • Size

    25KB

  • Sample

    240426-1q36eadg3s

  • MD5

    01be0f63b83a3f8be45183cd82cd00d6

  • SHA1

    51ef195488b3dabfaffd7d71170687cad0630558

  • SHA256

    76522a7da91a602f2f94d5825c1ebc972570d5e22c5ea7f5c69bf127f6bd9de0

  • SHA512

    5fd51f48a3609be09600cbd59538b5ba16088f2f68aae564d009a2b6ff6200ca599828cfbd47004d943e7d215d899f8d5c3e00bec4d608b61e7ff1064e855017

  • SSDEEP

    384:sv3ZIP+eHQSAfDiEzCDTbNiYIR51EvSGcTLIdM8rysFIUdtAnkHNpWH90:svpHeHQSAmcCDT5izR5W6TsfusO48KWK

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    46.72.27.241:7777

  • Mutex

    Windows Update

  • Attributes

      • reg_key

        Windows Update

      • splitter

        |Hassan|

Targets

    • Target

      01be0f63b83a3f8be45183cd82cd00d6_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

      • Scheduled Task/Job (T1053): 1

  • Persistence

      • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

      • Scheduled Task/Job (T1053): 1

  • Privilege Escalation

      • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

      • Scheduled Task/Job (T1053): 1

  • Defense Evasion

      • Modify Registry (T1112): 1

  • Discovery

      • Query Registry (T1012): 1

Tasks