Overview

overview

10

Static

static

10

06a0479f35...18.exe

windows7-x64

10

06a0479f35...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06a0479f35c40aa5f4ad5ac9e7e8d7e0_JaffaCakes118

  • Size

    43KB

  • Sample

    240429-cyt1psfe78

  • MD5

    06a0479f35c40aa5f4ad5ac9e7e8d7e0

  • SHA1

    8b583388bf00c4c4a1baa7ef7c74c34d259f4c63

  • SHA256

    0ccfa04a385ad222e13c8fa3b8b1db0825b28e985db601bb537e6d88cba39fc2

  • SHA512

    3a6bc2c950dd56ead6bda9baea356dec9b0e6e1087bdb08c084e9934b9e9e0cb14abe39ddd5f30c219b5463aaa948595a9a90c9a8eddaf3eeb2e3ceae0d04acc

  • SSDEEP

    384:IZyJGMFgpWoy7upvFOSWM9IXAkHC9D9O5UE5QzwBlpJNakkjh/TzF7pWnhtgreTr:+QBWol7MvFRwQcvQO+kD+L

Score
10/10
njrattestpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

test

C2

159.89.86.174:4443

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      06a0479f35c40aa5f4ad5ac9e7e8d7e0_JaffaCakes118

    • Size

      43KB

    • MD5

      06a0479f35c40aa5f4ad5ac9e7e8d7e0

    • SHA1

      8b583388bf00c4c4a1baa7ef7c74c34d259f4c63

    • SHA256

      0ccfa04a385ad222e13c8fa3b8b1db0825b28e985db601bb537e6d88cba39fc2

    • SHA512

      3a6bc2c950dd56ead6bda9baea356dec9b0e6e1087bdb08c084e9934b9e9e0cb14abe39ddd5f30c219b5463aaa948595a9a90c9a8eddaf3eeb2e3ceae0d04acc

    • SSDEEP

      384:IZyJGMFgpWoy7upvFOSWM9IXAkHC9D9O5UE5QzwBlpJNakkjh/TzF7pWnhtgreTr:+QBWol7MvFRwQcvQO+kD+L

    Score
    10/10
    njrattestpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks