General

  • Target

    dfda8d9648d6afbeddffc0ac48d983c8_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240914-kshz9awejh

  • MD5

    dfda8d9648d6afbeddffc0ac48d983c8

  • SHA1

    26abf16d7da0611b60b00c7007752c05022147e8

  • SHA256

    c16f9b0d5806e82b7e32842e78d243ecaed45ec63fb2230268a0fe9172f56172

  • SHA512

    28c5286cb7cac652252c2f49f21b701d9403c8a7d97a6c20f2a26e5696dace16ec39dcbb381a85f4022c7b8e8ef34929220b7fdee2059ed39a8a8f42d96c341c

  • SSDEEP

    24576:DEwIcDqQlKqNtTFrmL8QeogUQhhA5b4lypPMwY:xDqQhrTZqepDAV48PMf

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7.3

  • Botnet

    REX

  • C2

    willyrex2020.publicvm.com:3040

  • Mutex

    Client.exe

Attributes

  • reg_key

    Client.exe

  • splitter

    1234

Targets

    • Target

      dfda8d9648d6afbeddffc0ac48d983c8_JaffaCakes118

    • Size

      1.0MB

    • MD5

      dfda8d9648d6afbeddffc0ac48d983c8

    • SHA1

      26abf16d7da0611b60b00c7007752c05022147e8

    • SHA256

      c16f9b0d5806e82b7e32842e78d243ecaed45ec63fb2230268a0fe9172f56172

    • SHA512

      28c5286cb7cac652252c2f49f21b701d9403c8a7d97a6c20f2a26e5696dace16ec39dcbb381a85f4022c7b8e8ef34929220b7fdee2059ed39a8a8f42d96c341c

    • SSDEEP

      24576:DEwIcDqQlKqNtTFrmL8QeogUQhhA5b4lypPMwY:xDqQhrTZqepDAV48PMf

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Loads dropped DLL

    • Target

      $APPDATA/training/phf/sample/6.opends60.dll

    • Size

      49B

    • MD5

      92007a33a098e4bf3df817844cf319f0

    • SHA1

      9e7b4564e6e0839b706c85e5a065545d61693a57

    • SHA256

      0ead7ca604ae7c7acb2399548dfea8f4c4af55c0031883a4b6bf27cd574936d7

    • SHA512

      2aa1cdb4f2995e63117b37393bbf1b7434b972cbf04d3c318abf21b6a2dc650c92821df30893d14c45149b548e751fa1c5144b2c9e9c42039e55f9e1070f0757

    • Score

      1/10

    • Target

      $APPDATA/training/phf/sample/70.opends60.dll

    • Size

      53B

    • MD5

      144447db7302c35132895c89899500d0

    • SHA1

      d0609112a5760f5c05f821b8538da129dac5d9ac

    • SHA256

      6b13aa6ec26538dd7520b0e03cd94d994557f0e1fbf1b16ab63e25b9b69ccb50

    • SHA512

      d9aa528e0e28551e78a6634bf7e33bb1d22e87030c4a81eebf1381b5841c6da26cd6a1490a0c472cea26120b6e9a89b90a3fb04f25c50ed574b65d2ccb124fbd

    • Score

      1/10

    • Target

      $APPDATA/training/phf/sample/MicrosoftCompactFrameworkDesignUI.dll

    • Size

      4KB

    • MD5

      a6ed8ac1082e731a78e14a80bdc7b384

    • SHA1

      7dcca387e1179a01569ec62152e7539395395ffe

    • SHA256

      26e7cb58d4ef33298907a4be5e7175c8acd675ea8094040b32505a9ef1186e63

    • SHA512

      64d277d7d0c73b819c46ce0ed89de69cb2babaa1e17edebac6c1bc76c8e6845a19eff3cb390f3f7bcb111a5b4556a73d09fbc9a86aa3cf3031775cd5dc962074

    • Score

      1/10

    • Target

      $APPDATA/training/phf/sample/RSObjectsUI.dll

    • Size

      15KB

    • MD5

      0ded17f4153d84a81ae8df331d5ffe9f

    • SHA1

      de9114532d428f47dbca620e804e50481ec43190

    • SHA256

      00517a79c248735b807ebea0fa1ac099c02c03d953bedd6babb677b0d0aaac74

    • SHA512

      505fc2379ee31a60b6e9ec0b12f7759cdb1390f961e2c6900ee7b1ec3c651a05148be5dcc93872ba23509e562ba342c2ed79274e0273f5702c3310d560e43177

    • SSDEEP

      192:ltBuw21IhWu1HN3Xz6vrkYFAQgx3tPcZ8++h3IEbUWWqf/L/CldolMvMjGwPgMvg:MmjD6XgROZ8+Y42UWjHLCcY+wCbsO+

    • Score

      3/10

    • Target

      $APPDATA/training/phf/sample/cmtnptTcpAcceptNA.dll

    • Size

      11KB

    • MD5

      ec6c4a079d8f7af013592ecf3590a80a

    • SHA1

      702c75cd2bf9300869cf5706259f5bacd9cbc729

    • SHA256

      4950e919a2e008f9f3a0fc0b888092d6ca8266d7e5050c0cbde8b5833a349321

    • SHA512

      5aba108d045a75e08dfd5135c4613df2bce1e3770b30c18f05693859fe26864b657de98fc365fe9318bf42bf6f3eba5401c305370ca9b5f4bca986659a918e1f

    • SSDEEP

      192:suYxikcRkvtAUU/00S0A2PrahW2yAWN0Gpq177X8tEyC0FW:tYxiJkkcZmzyWtAWzY1stEyC0I

    • Score

      1/10

    • Target

      $APPDATA/training/phf/sample/crtowordsko.dll

    • Size

      16KB

    • MD5

      e45d83fb5b168d8dc8099a8cc989c49f

    • SHA1

      733ac76241405868c7abbb4d3f87f47ef7aba936

    • SHA256

      b6850fc541e48dedbb836bcebbf6f8007c0bf6bc5a7652b9cff20b4b919a06c6

    • SHA512

      00afe423a4da04585df8121862664346f7d15cc100fb26fd1795e8390a6129df86b073afe34e3c2023c2fb632906ed4cbd45296fd036fdda3859d3e8ea0cc048

    • SSDEEP

      192:VCZgZoP7aIb5AX3RwTYHCAnTE/PGSK3Xz7YgS1LfjYsqRL/CldolMvMjGwPyMojH:AZgwGIlAxc4jvS1LLYHLCcY9jBJJ6jk

    • Score

      3/10

    • Target

      $APPDATA/zt/1.COMServerPS.dll

    • Size

      510B

    • MD5

      3da5046215a9b54e0321dbdd64827d38

    • SHA1

      adc522a746c0c017ed891ed218fdbfaa49e974f6

    • SHA256

      91654b3630646096476544f7dd829ae2ee109a551b7bb9cc45f9bec3039e47e5

    • SHA512

      864c2ec598ef6fdf352d0bb57595d20455ed975be1f602b64ce722645d92456a15573f5718c60cdfd3297cdf8ac5719f04446f7b231471490bc0f44464881620

    • Score

      1/10

    • Target

      $APPDATA/zt/WizardFrameworkVS.dll

    • Size

      40KB

    • MD5

      f7aa365a80de7d4c8239fa3e9f697e21

    • SHA1

      7bcf5b6e888aef1dcbefdb1c9c23243807efe6a6

    • SHA256

      b4fcefaa113f1dbe7b6b914bdeeca8eea51d63786184424826cc926b9bf7a296

    • SHA512

      4d2488525d084b87f392fb2f1a8f324228f3a4c506d939081470b491535265ed82925967562b093fefddbc3aff833863699e31c498db110200b721e7557a3735

    • SSDEEP

      384:6EKC1aWQoKj6YEKip+lKFTxKMuUaTQLGbujgMlIpkGPHMY19+jg6ihJSxUCR1rgu:lDf6iU2xLnMhMwkGEZFRJ59a

    • Score

      1/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      ec9640b70e07141febbe2cd4cc42510f

    • SHA1

      64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

    • SHA256

      c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

    • SHA512

      47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe

    • SSDEEP

      192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc

    • Score

      3/10

    • Target

      $TEMP/PlayaPeppercorn.dll

    • Size

      44KB

    • MD5

      2fd1d4cb3441a4d6ebb4956dd1ac37fa

    • SHA1

      69ffdf0a02ef60ed7f92416361e93c435b61e16e

    • SHA256

      f13706ccf8f5ce81d048ef1c8c58e290258c02b87c3ed640c07606db601882b4

    • SHA512

      4fdcea08ca11cc67f153c94d9777c90d8221cbedf9302367ee98451619b2485ac0875d8efc18a14b64edec268dd7358e98cbb53a0874838b50321e443ea3deaf

    • SSDEEP

      768:fLExxfvwX3m2qAoLcB3Rhn9mnTED7ldvyFFd1sbUMYjxq:Dc1wXP/2ESFFNjx

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Target

      $TEMP/id/surveys/vbamnu.dll

    • Size

      29KB

    • MD5

      2e8811916b23afa369b0a1584d95086e

    • SHA1

      6887c697e59766859cc561a751adfda3a9140e63

    • SHA256

      687db98b6b8cf42dae4c2ea7e50e149c9b79e61bd48d5f806ebc042fb2ed09ad

    • SHA512

      cca9270aa9782afe5291f17517cb89dce94371003af44824f5a7ed5d7efae7c8ebeac30bd58834d34783ca53fb6507b7556943b4e75bb0b1c22a90cb5b8c97a0

    • SSDEEP

      384:VIy3T9VTvHyc/x8KmtzFCtoLKaGpQxvwMT5fy0DT1HGMAFZCap6/b/0dD0L6Kq0M:VIycKmtMt8uWp1VtHGPvKMZ0Rq0xxoX

    • Score

      3/10

    • Target

      $TEMP/incs/sess/shockwave/sqlleUI.dll

    • Size

      8KB

    • MD5

      293eb49ee029fa63feb9936b30309f76

    • SHA1

      835a7e174073a6f7a5b4d743d37276d24a1af9ed

    • SHA256

      226b319c19a932c1baf6afffbdca3b384a4dfc2a97e88a873bc3348271983ea6

    • SHA512

      5274b68d8251398ec0a9e35cf6c49cccfc40af18100998573a0d7afa20569e47704e6cc6d4fea47edb0ebbc2c9b455c4d833d1616aed19d8c4d4565f6210557e

    • SSDEEP

      96:t3tUfaE/vU7ICFz0kzeYEWq6OONXYHIWPVJzCfiVEgU7ZwikZXQ5JlCaN2aq000t:t9yaE/vpCFwWqcNXYHIWNJ+NhwH5QI

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

njrat, rex, discovery, trojan
Score
10/10

behavioral2

discovery
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

njrat, rex, discovery, trojan
Score
10/10

behavioral24

discovery
Score
4/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10