Overview

overview

10

Static

static

3

7370c66c1b...18.exe

windows7-x64

10

7370c66c1b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7370c66c1be900fc49a087879f50ec7f_JaffaCakes118

  • Size

    220KB

  • Sample

    240525-2bb9tace9t

  • MD5

    7370c66c1be900fc49a087879f50ec7f

  • SHA1

    c6be4b6cdd07c48ee1b085d35a1d2e4b5f75fbea

  • SHA256

    e061679e1c06322d8f7f74a153de64d4818f8dd60b7e8a50641e793712a6d0bd

  • SHA512

    0a41649dc7ea425ab5fc5e26c5e1814351d4256d9f5a3c2fd84f0a3d756a07f0919393bef58f703ab95264600d76b995812dc873a6d9cf24c233e9abbaa96f56

  • SSDEEP

    768:0xsWhB3kvEw1G/W2/ErK3CMuv9hrEFo+Myet4hGoJ53d3RqztGgeHJWrhtOjujA4:LgB3kvR1G/NsOCMuvrEFWyC4hGU534

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

23f0e3bce589df29a3e6f3e8879b41c1

Attributes
  • reg_key

    23f0e3bce589df29a3e6f3e8879b41c1

  • splitter

    |'|'|

Targets

    • Target

      7370c66c1be900fc49a087879f50ec7f_JaffaCakes118

    • Size

      220KB

    • MD5

      7370c66c1be900fc49a087879f50ec7f

    • SHA1

      c6be4b6cdd07c48ee1b085d35a1d2e4b5f75fbea

    • SHA256

      e061679e1c06322d8f7f74a153de64d4818f8dd60b7e8a50641e793712a6d0bd

    • SHA512

      0a41649dc7ea425ab5fc5e26c5e1814351d4256d9f5a3c2fd84f0a3d756a07f0919393bef58f703ab95264600d76b995812dc873a6d9cf24c233e9abbaa96f56

    • SSDEEP

      768:0xsWhB3kvEw1G/W2/ErK3CMuv9hrEFo+Myet4hGoJ53d3RqztGgeHJWrhtOjujA4:LgB3kvR1G/NsOCMuvrEFWyC4hGU534

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks