General

  • Target

    ea6b01032105bbec9613889fd3506f51_JaffaCakes118

  • Size

    6.8MB

  • Sample

    240919-cxngjawdnd

  • MD5

    ea6b01032105bbec9613889fd3506f51

  • SHA1

    2a906732b4872f4834bcdba33038fb0cd8bc0deb

  • SHA256

    afaf9770608b7ba29f183586c580fc8093a2efdd68febff71122ac41cedae49d

  • SHA512

    024b133de10b691548d2364f00890bb100a7acc04de22e5b71c71d48ef1b6e91f6aa2ff43a7cf5aee28cd7ebe35be31066ddf706f2edb9f095f75eed4f31d707

  • SSDEEP

    196608:jCUx1i3A2vH38Kj9Ctzlhq4tuhs/tkK0hwwtjX:jCh3z/jY1lhs2kfWC

Malware Config

Extracted

Family

njrat

Version

0.7 MultiHost

Botnet

HacKed

C2

fgtgd33333.ddns.net:1177

Mutex

8746d62c81bb0c573a0a1086f9955c7b

Attributes

  • reg_key

    8746d62c81bb0c573a0a1086f9955c7b

  • splitter

    |'|'|

Targets

    • Target

      B3RAP Leecher v0.5/B3RAP Leecher.exe

    • Size

      7.6MB

    • MD5

      daf410cc495219fe8ac9a02712ad3684

    • SHA1

      e8105b282d9c6f5ec146a138fa899675441419b8

    • SHA256

      51e36fe50f5cc439b8a275571b303fab85d4beb430abefb578a6ca5226c17601

    • SHA512

      1ea3f87e39cbbbf125602294fb9fd4b713bfb5b16ade2f503a4be84f6d8c123830edb626b02e6a7d1a344dd46134cb240c6c70fd7a5ab129e3d1b507a8ba8773

    • SSDEEP

      196608:CLwIMmXE6d1CPwDv3uFgsLsv13uFnCPwPnhwn59OIl/3igTlBCKgx:CpTXE6d1CPwDv3uF1Lsv13uFnCPwfhw8

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      B3RAP Leecher v0.5/Leaf.xNet.dll

    • Size

      126KB

    • MD5

      b5cb88de9fe40b6645496f9543ce8e26

    • SHA1

      bcf6a6d98c8597c6d1546554713928ca3eb86a48

    • SHA256

      a91293829d0a4a0f2f34787fc1ba13b9d3aa4f640d0fca652b24a88f464bc343

    • SHA512

      e2e031103731251e164b9fa93df33bb04885de3754acd3b01c4433a274008bb50e808ecba2824ef3535d82efa5416e2c75b8b2274b8cd4f93899e04da3e59c69

    • SSDEEP

      3072:BRSNIr8lAcSyLHhbLx/aZhttaMZ5TNvl:HMs4SyLHW

    • Score

      1/10

    • Target

      NETFLIX Checker Account By X-KILLER/._cache_NETFLIX Checker Account By X-KILLER.exe

    • Size

      538KB

    • MD5

      867f1fbc0a5d89a100d4fe867fa4b34f

    • SHA1

      a41eb575ac101f0954d074932eebcd916ce0023b

    • SHA256

      e22c7f85f00cc4a5219d23ead9ae28897ebea30d09b39387456c1f4fd4541ce5

    • SHA512

      6e71eae56d521d0f62abf605f7181bee429e878aa96853e8e95e0512bb2f5a1c93191ab9afbaf3409d61f78ee4decb6581c7764daaa53bc35ad4c1c77b9ecbfa

    • SSDEEP

      12288:dyqVfhoCeZzPde+4ZJwpBeV8Agn+X+n9B5tLA1zXKZrnkRkEp:dyq4CeZTdp4ZJSK2i+n9B5t0Ag

    • Score

      7/10

    • Loads dropped DLL

    • Target

      NETFLIX Checker Account By X-KILLER/NETFLIX Checker Account By X-KILLER.exe

    • Size

      1.3MB

    • MD5

      89f4a57b13570e7493112ef54ad3196e

    • SHA1

      22f39b91fc4172194877927dfbfa31a10057ce8f

    • SHA256

      d8bfdcac9ac53a9d4fdcb9b04fa5a33e06db1df062888317302afaf21f17eaa2

    • SHA512

      73e5931cd03bff77a9b4b77b943a4ac4fcc26dc49707c349e1a4bd03e317ea99ef0171e8f9906275cc25e803449cd14549363c7a6b74c76c6f3a1166caf3ed77

    • SSDEEP

      24576:CnsJ39LyjbJkQFMhmC+6GD9Lyq4CeZTdp4ZJSK2i+n9B5t0Agv:CnsHyjtk2MYC5GDpF4ldezSPFn1OAG

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      NETFLIX Checker Account By X-KILLER/SkinSoft.VisualStyler.dll

    • Size

      964KB

    • MD5

      2d84a619d4bd339f860cb48af0c9b6c8

    • SHA1

      05e520126ee1100c98263bfbd5a6ff0ce6ace4f7

    • SHA256

      365ffde7df914840eb21c96f34c39912a4b031e3814b8e902b67acee6dff65a1

    • SHA512

      bd0c5e8b018ae393a5f2b92b4a10b5b674ca466074d18b4f86b12cbe9a6a520a95323146cb8e5226b1698f14efcc63addf0df421677b7f5ba3c8d94dbcb511d0

    • SSDEEP

      12288:XxIFyaWHyXq7VBnpJnqRAjcHFNdotFYsFjrXhmEBFa:XxIFyaWHyXq7VBnpJnqRAwHsJm

    • Score

      1/10

    • Target

      NETFLIX Checker Account By X-KILLER/xNet.dll

    • Size

      116KB

    • MD5

      3df8d87a482efad957d83819adb3020f

    • SHA1

      f5b710581355ac5d0de7a36446b93533232144db

    • SHA256

      2ac175b4d44245ee8e7aee9cc36df86925ef903d8516f20a2c51d84e35f23da4

    • SHA512

      da28c34a85a6530b1c558fa11b0e71e70710d719cd8ceaf81f954d1fe3927ec139bee6c5f3135425cc5220905240f1a31d831611c46d18f5d52600b607ea59a6

    • SSDEEP

      3072:NWl4rhAigbJ0c1qnV+xnEd44asVyrVfwN5lTCTh3n3F:NWvigbdqnV+xnEd4zsVyJb

    • Score

      1/10

    • Target

      Proxy Checker v0.2/._cache_Proxy Checker v0.2 By X-SLAYER.exe

    • Size

      1.4MB

    • MD5

      6d0fc4a87660eb12e4748e3b38b26879

    • SHA1

      a780cc0f3feb7cdfb09051a18dd102b9ab111ff1

    • SHA256

      5d9a4b3353659a3e88b520ec6b2a9d461bcbf8866a37dde649a416f7532a30d4

    • SHA512

      a413451a621f8df7f7256ea96695459d3e7f4963863523329e483850fa94569ec97e247ba614aff7416c678e270c0dbe282bff18be0dac057176fc964178f903

    • SSDEEP

      24576:+Wjq2at06twERDImb+2dnTLcb24EgU1oAtwERD:+T/t/GERDN+2VsjnAGERD

    • Score

      7/10

    • Loads dropped DLL

    • Target

      Proxy Checker v0.2/Proxy Checker v0.2 By X-SLAYER.exe

    • Size

      2.1MB

    • MD5

      b472373d26e5446e44e11ee35803fb2c

    • SHA1

      2f4d67d015fca0a3f7105d3fa7bfbbf48454dfe4

    • SHA256

      fc897f290aab0e768822c3ee33e0b1ee2d15b6f23139f007299b26563efefc94

    • SHA512

      41958196e899f325b4bea38696838eb6341246d7e6a1c311ec72dbf32dfc338c7e4f05e7fdd38b68d4f33c011867049c20cfbf625f36682219c3391b64062db4

    • SSDEEP

      49152:wnsHyjtk2MYC5GD2T/t/GERDN+2VsjnAGERDi:wnsmtk2aaEv+2VUDEk

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      Proxy Checker v0.2/Proxy Checker v0.2 Crack.exe

    • Size

      1.1MB

    • MD5

      c23fa9a76be0e91ae95ab347e68a8a17

    • SHA1

      3e8fee7b1729113fa86d53e7eb7135b32d50da96

    • SHA256

      b0356479bb707ba0be06277723150e0401960783d21ab1a97fe76d6723546022

    • SHA512

      6634aac9cb6abbe348fe5befeb1218ed0937713570190a2a1ea05da1b959a17f722eeff5d27d3464ba3f3cf19986d1364cb73b71de76997d99df82ebdb3512eb

    • SSDEEP

      12288:lMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9eZLtL0ERDyKj:lnsJ39LyjbJkQFMhmC+6GD9ItwERDF

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      Proxy Checker v0.2/SkinSoft.VisualStyler.dll

    • Size

      964KB

    • MD5

      2d84a619d4bd339f860cb48af0c9b6c8

    • SHA1

      05e520126ee1100c98263bfbd5a6ff0ce6ace4f7

    • SHA256

      365ffde7df914840eb21c96f34c39912a4b031e3814b8e902b67acee6dff65a1

    • SHA512

      bd0c5e8b018ae393a5f2b92b4a10b5b674ca466074d18b4f86b12cbe9a6a520a95323146cb8e5226b1698f14efcc63addf0df421677b7f5ba3c8d94dbcb511d0

    • SSDEEP

      12288:XxIFyaWHyXq7VBnpJnqRAjcHFNdotFYsFjrXhmEBFa:XxIFyaWHyXq7VBnpJnqRAwHsJm

    • Score

      1/10

    • Target

      Proxy Checker v0.2/xNet.dll

    • Size

      116KB

    • MD5

      3df8d87a482efad957d83819adb3020f

    • SHA1

      f5b710581355ac5d0de7a36446b93533232144db

    • SHA256

      2ac175b4d44245ee8e7aee9cc36df86925ef903d8516f20a2c51d84e35f23da4

    • SHA512

      da28c34a85a6530b1c558fa11b0e71e70710d719cd8ceaf81f954d1fe3927ec139bee6c5f3135425cc5220905240f1a31d831611c46d18f5d52600b607ea59a6

    • SSDEEP

      3072:NWl4rhAigbJ0c1qnV+xnEd44asVyrVfwN5lTCTh3n3F:NWvigbdqnV+xnEd4zsVyJb

    • Score

      1/10

MITRE ATT&CK Enterprise v15