General

  • Target

    64a4318e9752ab10484cdcd3427fd211_JaffaCakes118

  • Size

    43KB

  • Sample

    240521-y5yhcshd2z

  • MD5

    64a4318e9752ab10484cdcd3427fd211

  • SHA1

    54b0b70bae6f7ba7648bf31bbd9c5d4244102b57

  • SHA256

    171a802411d9ae1c3cb973b359b654caaad5dacf07ed37e3ceda7ed0ab47f42c

  • SHA512

    d2dc4ea6af5aa6e134e8f94dd0c4f30bd3c9655a4d786fc39bfc053748d08b1e97186fd69231047dcb421845f750ba75702eaad52b2f002450977b6d4b2a59b9

  • SSDEEP

    384:2ZyZsFgpWoy7OJ7FuywEBYXAkXzYIij+ZsNO3PlpJKkkjh/TzF7pWnNmwgreT0pO:sZWol7M7FR6Q8uXQ/oYm0+L

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed2334

C2

127.0.0.1:5057

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      64a4318e9752ab10484cdcd3427fd211_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
