Overview

overview

10

Static

static

3

c67f94edb2...18.exe

windows7-x64

10

c67f94edb2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118

  • Size

    210KB

  • Sample

    240828-kang1sshkk

  • MD5

    c67f94edb272ecee5b7a3164d24ea985

  • SHA1

    6e74638e0867fb2226bacc3db8e865aece944216

  • SHA256

    583bea7cbf5e15db369a2cac0157d2736ee7bfffb52f3e7c6f2aeaf77bc8c326

  • SHA512

    02edf0674772c6c9b1eb29f28786a6829e13cfa37198c9a8137761cda4cb3f2f4b7ebd60340da20603cdc61956261ed5cc2d914588a17a5328aa773723d206f8

  • SSDEEP

    3072:VMsO1QN1IdBcTSfYxXpbtN8oHFSeVuvNaqR37TqCHK8a3Fd8en7kIWZc7wqNV8W1:NO1M1INEIAUs4/bblY5aaqtGUKp1

Score
10/10
njrathackeddiscoverypersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

feepro.hopto.org:1604

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118

    • Size

      210KB

    • MD5

      c67f94edb272ecee5b7a3164d24ea985

    • SHA1

      6e74638e0867fb2226bacc3db8e865aece944216

    • SHA256

      583bea7cbf5e15db369a2cac0157d2736ee7bfffb52f3e7c6f2aeaf77bc8c326

    • SHA512

      02edf0674772c6c9b1eb29f28786a6829e13cfa37198c9a8137761cda4cb3f2f4b7ebd60340da20603cdc61956261ed5cc2d914588a17a5328aa773723d206f8

    • SSDEEP

      3072:VMsO1QN1IdBcTSfYxXpbtN8oHFSeVuvNaqR37TqCHK8a3Fd8en7kIWZc7wqNV8W1:NO1M1INEIAUs4/bblY5aaqtGUKp1

    Score
    10/10
    njrathackeddiscoverypersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks