General

  • Target

    17af710193e1570d2a161243a7f09ad3_JaffaCakes118

  • Size

    386KB

  • Sample

    240505-prd25aaa91

  • MD5

    17af710193e1570d2a161243a7f09ad3

  • SHA1

    bbe48f327480d04cfb1851f8dd66517774d86ac6

  • SHA256

    409726bc69395c3cf5381e9fcde1a4159eb6674da32efac8ad87120e17e8c2f7

  • SHA512

    b5526dbe2ba29a39d73ead166b8f1c418e2d6cee447c087da3c0a9a01a9be758c13a67bebb86f0fab9978e8fdf8ef5bf39c43963b698f195fe875f2829bcb83f

  • SSDEEP

    3072:N17/yrBe0HCa5iwY6k3+OAAKhH8x146Vzm2TceHvBdqdfqcmPnlGZGepv8C:77/yOjutH8xe6NmZOC9a

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7NC

  • Botnet

    NYAN CAT

  • C2

    asd2xxx.duckdns.org:1445

  • Mutex

    62165dfdef6b4200ad

Attributes
  • reg_key

    62165dfdef6b4200ad

  • splitter

    @!#&^%$

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks