Overview

overview

10

Static

static

3

JaffaCakes...c0.exe

windows7-x64

10

JaffaCakes...c0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_64396eb9d6779efba3271a98348a2dc0

  • Size

    326KB

  • Sample

    250102-lthljsyrbm

  • MD5

    64396eb9d6779efba3271a98348a2dc0

  • SHA1

    79c15cf74535b3e2af88049ea59be76f772c5e27

  • SHA256

    375508e2c587538b0b35bcc7fbca261f1ebe6940a3547470e5e77123b23d90eb

  • SHA512

    f9ff3afde02b4f6c7bff0a37e16c72bfdbb9933bf1f3a1538c1f376d964239d4b78c89c642c5e423c6cd10e321202fc60983e2c8a9f0dd8dc918ca97dcc746cd

  • SSDEEP

    6144:MKxRx+ulkUUnAnx2+sUkQpdo40y3jia7v4rV3KjVR2i1/Y9CltSrB85Omd:xZjKAx2okQpe4nzylKn2i1w9C3

Score
10/10
njratevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      JaffaCakes118_64396eb9d6779efba3271a98348a2dc0

    • Size

      326KB

    • MD5

      64396eb9d6779efba3271a98348a2dc0

    • SHA1

      79c15cf74535b3e2af88049ea59be76f772c5e27

    • SHA256

      375508e2c587538b0b35bcc7fbca261f1ebe6940a3547470e5e77123b23d90eb

    • SHA512

      f9ff3afde02b4f6c7bff0a37e16c72bfdbb9933bf1f3a1538c1f376d964239d4b78c89c642c5e423c6cd10e321202fc60983e2c8a9f0dd8dc918ca97dcc746cd

    • SSDEEP

      6144:MKxRx+ulkUUnAnx2+sUkQpdo40y3jia7v4rV3KjVR2i1/Y9CltSrB85Omd:xZjKAx2okQpe4nzylKn2i1w9C3

    Score
    10/10
    njratevasionpersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks