General

  • Target

    5ba8c94b5b1ba30582709b9e72b1599c_JaffaCakes118

  • Size

    733KB

  • Sample

    241019-jztjwsxepk

  • MD5

    5ba8c94b5b1ba30582709b9e72b1599c

  • SHA1

    398315aad43a12803f755878f88327cc9e15dbbe

  • SHA256

    c740586e78ab04f96c4e45defcc6c6f7a2452449d4b076958eb0db77ed618fb3

  • SHA512

    8ea3a6bc110b6ce052294d74b33b2367954b6337b2da5a5abeaf320f62f37a2f28004e02b974056bdd37f851d47337a1d3517198b8e8addabfb16f1cb075ce3c

  • SSDEEP

    12288:2cFmyAJwVPRvNmWqSVcg4BZ+Y/Zxnm52+3WYLNacIC40OISu774cWUVwZw:Hmy1pqgQ+Y/LnOWYg0dOISa74gVB

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

???? 10 ??? ??????

C2

0.tcp.ngrok.io:10940

Mutex

Windows Update

Attributes

  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      Fatality.dll

    • Size

      2.8MB

    • MD5

      3323f35eb27d6e6e016cb1d6537adf6f

    • SHA1

      1a511738d41cdc91884b395dcb749c6f709fbfe7

    • SHA256

      638e5488d25b52539007bf511b5dce511dd6632f3816d97d2514150bfe50acc9

    • SHA512

      f7d31dcca07c5b280690f89ca42a21adcc870c3c637f5d2f0c1ab07e66db54064c185187f5c5473129e632de11f211be1e6917fa9c748db0ea67ee192a64b80b

    • SSDEEP

      49152:Y+/NFLED+VlfRVBnbmdOqz851fy/fGuaiucb2sdcdk3YZ/8/RRLMSaYzRFo1Uvo1:Y+/3LEC3fjZbmddoPfy/uuaiucb2sadD

    • Score

      3/10

    • Target

      Server.exe

    • Size

      43KB

    • MD5

      6fd38643354ce9c9af962154cd79c03e

    • SHA1

      e7716fa97f92addc3482db44f08125745d35ce92

    • SHA256

      ded006de19d1f8888efbac3b6088acca5a1f2bf3e9aceb0bf4a68508a9356c5b

    • SHA512

      752cbdbccfb479fc03fc4386bc588c49ff4cc766cfda41840dfa3af2cd418d76ad3135fd499f558f6e1973f4494d20ba579832010aacf8557e29f29e2ea54546

    • SSDEEP

      384:THZyT36Nkli0yizcpSQOWpeMVOaEnxqzVmzkIij+ZsNO3PlpJKkkjh/TzF7pWn15:T5R6ABiopSQOWpeeOxMiuXQ/oQUM+L

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      injector.exe

    • Size

      10KB

    • MD5

      dbad13dc6ca76d03c6badf3a9913cf56

    • SHA1

      445feb82b95300c4d025edc1a73ae04984fc5f7b

    • SHA256

      baa1c9a0a3603bf582b9c3c0b49cd3fbafc34734298a32eab14ff29bc17f158e

    • SHA512

      347929d1d58e08c31fc18510420bdf5ad4fc103f27a94fc86e9763b49310b952a085f39acc1843d2af9e38972b45b01cea62617c6ac23bbdea5f1cebbdac1397

    • SSDEEP

      192:Yc6IFaigkfZ+b3H4NRLJjAoXJvrmb3eCqH7E5pz623yWSL:YBOSYNXAaJTmbOzH75WS

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks