General
-
Target
fe642909e764259bf99d467f1d1c9a92_JaffaCakes118
-
Size
18KB
-
Sample
240929-m5tnma1fqp
-
MD5
fe642909e764259bf99d467f1d1c9a92
-
SHA1
e28d02abcc7006b0d0ade5732090c2726f580018
-
SHA256
d9d8185118feece669b34d3dc309df7c7b4d67c43b858682187b8fb432836fea
-
SHA512
e955549be8484734f35dcfb4d00f05e030859a28bd5476833fe69ad5d4c422900ce76262fc29a9702840d658de6cebb5946c1af3fde97d7ab9e3a7abd38dc39b
-
SSDEEP
384:BHU+CHNzojQrenp1675gqHxzLh8zP6zDK34q4Pqim8jtvZRH:BHctz/qp8CIXOz9GPqixvZ5
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
?????
134.249.136.1:5552
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
Cheat-Luna-Golden-Edition-for-CSGO-0a28c73bd523ab70578f13348c119dca500a1a8e/Cheat Luna Golden Edition for CSGO.exe
-
Size
43KB
-
MD5
bbd7bbee8a56b9dd1b6e74020fc4c94f
-
SHA1
f52a2dc64e2252994392b428dcd2c10a5aa86243
-
SHA256
36dfc2f3aea3facf08a3dbcef0f47139cf0a3d4c72c418d7e7f8cb04b8767b7e
-
SHA512
c87505510b4e6930eb3754ab4f5b0f7c7b710c4f81c70a81f6665385e9ba3dc66133ecc647b395ab1a90f72f6c35ba7dbde477322a40790d523d41da0ed7f57e
-
SSDEEP
384:gZyx1Cj8syWjzX+yObeE/ME5EAftz8Iij+ZsNO3PlpJKkkjh/TzF7pWnO9greT0I:GC04pWPX+R5MEzXuXQ/ovN+L
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1