General
-
Target
b3f9720fbf0a87810e1e3fd38c541de5_JaffaCakes118
-
Size
445KB
-
Sample
241129-27kaas1nbw
-
MD5
b3f9720fbf0a87810e1e3fd38c541de5
-
SHA1
25b4e24757d22e064a0e12e780aaaa8e367f71df
-
SHA256
20963aed9ff246e13e89c2d51c92dd11323d82a96a878c81e072c8d97f34f99f
-
SHA512
845443be498ec1a9ee514eeab37baa690abeae44ca07132c7af29602efbe1ad6dbc6de93fb67747c530d1c9e0d89a9be4865375db552bac2002dbe6677c24158
-
SSDEEP
12288:d+zapgnZ0nxoK8pcJFuaDWM6BPWVtFNV0dX:4zlCnx82bRS/WDLUX
Malware Config
Extracted
njrat
0.6.4
حمودي الواسطي كان هنا
moha.no-ip.biz:9933
0834daba34fc76fcb705a66b2338d64f
-
reg_key
0834daba34fc76fcb705a66b2338d64f
-
splitter
|'|'|
Targets
-
-
Target
sec-checker v1 By SECURITY ALSHAAB.exe
-
Size
1020KB
-
MD5
333c9b031872ecad95a227cb504c62ae
-
SHA1
2cde63d3c03fd8d7b138232492ee7b7fbe1683aa
-
SHA256
adaee5abda04e7cf460f707a2cfbea01a550bda20204cdcb1df2da194551a681
-
SHA512
887e1a1e92c6d0542e9e226f7441ef55bd0e698d4f6c61e7b7fcb90c28cadcee24d96af56ccdb7ed0c2f5dace7ca929cfb0302d05fa07975621c186fc4ea48ba
-
SSDEEP
12288:RfziWJL5SZaSCDaRze4Yl4fRCVhBwvQlebZBUwFt:RfLwOp4Yl6IwvQlebZzt
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1