General

  • Target

    fb224fbe1aa6b663191cf1d730537fd6_JaffaCakes118

  • Size

    25KB

  • Sample

    240927-3yzjasydpa

  • MD5

    fb224fbe1aa6b663191cf1d730537fd6

  • SHA1

    6a82fb803bbe3b20fb289b94f63c1cc2a6b97dee

  • SHA256

    034fb6099b396601161d3076a4c80247cf30c46e3add3b2de6dea577209b4112

  • SHA512

    383f6a9dc75b052354ac0ba59da6ad52daef796acaf2953d8cb5912e3bfa174729386e5172401a7676ad7c9bb934dff832ebbe0a8f15b39e0e9fa9e4bc40d505

  • SSDEEP

    768:5vkGDkx0b/5+So7h4d7JRo4a/pPhsuE+fj:yf0b/5+Si4bWpFhsv+fj

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    server

  • C2

    31.173.24.54:5552

  • Mutex

    Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      fb224fbe1aa6b663191cf1d730537fd6_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
