General

  • Target

    9bb86c8073900283af53b3f55d5fedf3_JaffaCakes118

  • Size

    26KB

  • Sample

    241125-qgt62avldq

  • MD5

    9bb86c8073900283af53b3f55d5fedf3

  • SHA1

    73596fcaafdc6c178816c918d35a5b0167011435

  • SHA256

    391ba9bd95b1804e47db8c8c115f1268173824ebd1111c190ea1ee4f26dfd67b

  • SHA512

    1d972b1180dee6b566641ca662ecb27a2ff96294833d32b2d97d40fb3435d65e0c781207dab088f50deb10a41eba6da8020358a807aa4d151e22a04d42fc5a38

  • SSDEEP

    384:qLJCnWzGgqhZArwvaGGuPh5BrM0AQk93vmhm7UMKmIEecKdbXTzm9bVhcalS6prZ:04vMAi0A/vMHTi9bDl

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

Super

C2

favioserver.ddns.net:8081

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      9bb86c8073900283af53b3f55d5fedf3_JaffaCakes118

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
