Overview

overview

10

Static

static

10

fc7a1eea4d...18.exe

windows7-x64

10

fc7a1eea4d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc7a1eea4d05a7cad4980f5724f0c30a_JaffaCakes118

  • Size

    46KB

  • Sample

    240928-rmqapszekp

  • MD5

    fc7a1eea4d05a7cad4980f5724f0c30a

  • SHA1

    da5be304a80c79e738dd7b35e221f2349d23a620

  • SHA256

    b260adf79585d2adab17251339114b8a6ceee27694d7c716ee11207988393928

  • SHA512

    ec8aed0ec72e6c04b630e1bef37cd0a0c5e18e1184c3c49cded41a4676bd8696844ad4418b425851c02876b4301bb485251f885854f50a4ac1365bb6f3eff8ff

  • SSDEEP

    768:qqMv+ZW1nRNAzx7SnI1OfoFLhvi0QmIDUu0tiLGj5aH26:zMS2a9RLQVkvjEW6

Score
10/10
njratsvhostdiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

svhost

C2

192.168.100.4:1604

Mutex

fabc31ebe8823518f9ddd5a734669637

Attributes
  • reg_key

    fabc31ebe8823518f9ddd5a734669637

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      fc7a1eea4d05a7cad4980f5724f0c30a_JaffaCakes118

    • Size

      46KB

    • MD5

      fc7a1eea4d05a7cad4980f5724f0c30a

    • SHA1

      da5be304a80c79e738dd7b35e221f2349d23a620

    • SHA256

      b260adf79585d2adab17251339114b8a6ceee27694d7c716ee11207988393928

    • SHA512

      ec8aed0ec72e6c04b630e1bef37cd0a0c5e18e1184c3c49cded41a4676bd8696844ad4418b425851c02876b4301bb485251f885854f50a4ac1365bb6f3eff8ff

    • SSDEEP

      768:qqMv+ZW1nRNAzx7SnI1OfoFLhvi0QmIDUu0tiLGj5aH26:zMS2a9RLQVkvjEW6

    Score
    10/10
    njratsvhostdiscoveryevasionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks