Overview

overview

10

Static

static

3

JaffaCakes...50.exe

windows7-x64

10

JaffaCakes...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_625e773c0037b620739664f2e8f19050

  • Size

    119KB

  • Sample

    250102-dyrq1ssrhp

  • MD5

    625e773c0037b620739664f2e8f19050

  • SHA1

    4c77acb8e3fc47345b7b9102e35de202dd5e096d

  • SHA256

    7703be61413b1f69df0af53ba45608a9190df32eb3ad2e72e737d300e60604ee

  • SHA512

    c26ade08edc5e9078930c27bfcae5f729be8f280c2416220094bcb2bb8d2d974b563234be0cab2b644fc12c6035c79b18861a10f2dfbf96038091de7ac077301

  • SSDEEP

    3072:bfV29wqR5T7EKGVVshIp4wg8s8Oa4fW9/P/6vN+7NQ+U:bvE5YDs2tBs8OXfW9/niN8ZU

Score
10/10
njrat01 08 15 ink startupevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

01 08 15 ink startup

C2

comptessaie.no-ip.biz:1605

Mutex

270d2a0037f1d4c8cb53865250574eae

Attributes
  • reg_key

    270d2a0037f1d4c8cb53865250574eae

  • splitter

    |'|'|

Targets

    • Target

      JaffaCakes118_625e773c0037b620739664f2e8f19050

    • Size

      119KB

    • MD5

      625e773c0037b620739664f2e8f19050

    • SHA1

      4c77acb8e3fc47345b7b9102e35de202dd5e096d

    • SHA256

      7703be61413b1f69df0af53ba45608a9190df32eb3ad2e72e737d300e60604ee

    • SHA512

      c26ade08edc5e9078930c27bfcae5f729be8f280c2416220094bcb2bb8d2d974b563234be0cab2b644fc12c6035c79b18861a10f2dfbf96038091de7ac077301

    • SSDEEP

      3072:bfV29wqR5T7EKGVVshIp4wg8s8Oa4fW9/P/6vN+7NQ+U:bvE5YDs2tBs8OXfW9/niN8ZU

    Score
    10/10
    njrat01 08 15 ink startupevasionpersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks