Overview

overview

10

Static

static

5

JaffaCakes...d0.exe

windows7-x64

10

JaffaCakes...d0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0

  • Size

    1010KB

  • Sample

    250101-kaej4sslhp

  • MD5

    4de9f1ab1f842add1fd7954e320a6dd0

  • SHA1

    78b5d45556ada1286e7125f2af156bf96742f94f

  • SHA256

    bc4a3e67dd760707d72e013997625924a62e35f5caf5b2492c07c712c29af40d

  • SHA512

    95eb0b92b40e361246084d4364835048ba381aa21af9b3ef2d0334436933d5caf330ec45f52c7fe6685f87c022bfe259ae6eab71864f2478903d713ca2e8a53a

  • SSDEEP

    12288:5tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaETQCA4q6A:5tb20pkaCqT5TBWgNQ7aETQKq6A

Score
10/10
njratbotnetvictimdiscoverytrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

botnetvictim

C2

girtatapke.duckdns.org:1437

Mutex

36a380dc559c5de908a35bf7366d9bbb

Attributes
  • reg_key

    36a380dc559c5de908a35bf7366d9bbb

  • splitter

    |'|'|

Targets

    • Target

      JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0

    • Size

      1010KB

    • MD5

      4de9f1ab1f842add1fd7954e320a6dd0

    • SHA1

      78b5d45556ada1286e7125f2af156bf96742f94f

    • SHA256

      bc4a3e67dd760707d72e013997625924a62e35f5caf5b2492c07c712c29af40d

    • SHA512

      95eb0b92b40e361246084d4364835048ba381aa21af9b3ef2d0334436933d5caf330ec45f52c7fe6685f87c022bfe259ae6eab71864f2478903d713ca2e8a53a

    • SSDEEP

      12288:5tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaETQCA4q6A:5tb20pkaCqT5TBWgNQ7aETQKq6A

    Score
    10/10
    njratbotnetvictimdiscoverytrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks