Overview

overview

10

Static

static

5

46e50a6a9c...18.exe

windows7-x64

10

46e50a6a9c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46e50a6a9c2f2845d945b4578ac81533_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240515-tb7fysgg87

  • MD5

    46e50a6a9c2f2845d945b4578ac81533

  • SHA1

    3ca68bf9a2557bc24151b80bc6f4028913c4f634

  • SHA256

    fe92c97bff7eec08e5386cade6c18930bc6f5b6a3f3ed5fa039bf44d510fdb3e

  • SHA512

    de84794180d4ec3020da11c96bf07ec1de159a05a8bb741d1bf3ed628293d8328162e5e57445655f1ba23c0d4219f50cd63d52438d32a22ae10de06cd70483ed

  • SSDEEP

    24576:Ttb20pkaCqT5TBWgNQ7ac3RLly3h7J6A:QVg5tQ7ac3khV5

Score
10/10
njratlimepersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

micocacolaagosto.webredirect.org:1996

Mutex

chome.exe

Attributes
  • reg_key

    chome.exe

  • splitter

    123

Targets

    • Target

      46e50a6a9c2f2845d945b4578ac81533_JaffaCakes118

    • Size

      1.1MB

    • MD5

      46e50a6a9c2f2845d945b4578ac81533

    • SHA1

      3ca68bf9a2557bc24151b80bc6f4028913c4f634

    • SHA256

      fe92c97bff7eec08e5386cade6c18930bc6f5b6a3f3ed5fa039bf44d510fdb3e

    • SHA512

      de84794180d4ec3020da11c96bf07ec1de159a05a8bb741d1bf3ed628293d8328162e5e57445655f1ba23c0d4219f50cd63d52438d32a22ae10de06cd70483ed

    • SSDEEP

      24576:Ttb20pkaCqT5TBWgNQ7ac3RLly3h7J6A:QVg5tQ7ac3khV5

    Score
    10/10
    njratlimepersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks