General
-
Target
JaffaCakes118_66ef528412dc934d21412e0601b53440
-
Size
251KB
-
Sample
250102-v9l4caspcj
-
MD5
66ef528412dc934d21412e0601b53440
-
SHA1
7410355ff27c41f77ac7753ecfd27977a745651e
-
SHA256
63cc576ffefbcaf8e685b04e8cb0a86b94cc8ca35ac34f2eecadc65b9d6ff26d
-
SHA512
b046ef3685481011900ddc2d39c02a74fd9d06a6ae7e1e788699cec5c712aba284db9e91fc34ad8f5854cd1df44ea596507bd7823cae4f4dd3b055c838587ac7
-
SSDEEP
3072:i95oylZ4GU11ahLGAshKwBQYRvvtQsLj4HrNperABxTjCGPWEYpjG/KJFhy2h0pq:i95cGU+hshDtfLmb3x/CwTOjEwo
Malware Config
Extracted
njrat
0.7d
ههههههههههههههه
youssef20.ddns.net:1177
9322d95e65c8bd8ef9d5d31561116d58
-
reg_key
9322d95e65c8bd8ef9d5d31561116d58
-
splitter
|'|'|
Targets
-
-
Target
JaffaCakes118_66ef528412dc934d21412e0601b53440
-
Size
251KB
-
MD5
66ef528412dc934d21412e0601b53440
-
SHA1
7410355ff27c41f77ac7753ecfd27977a745651e
-
SHA256
63cc576ffefbcaf8e685b04e8cb0a86b94cc8ca35ac34f2eecadc65b9d6ff26d
-
SHA512
b046ef3685481011900ddc2d39c02a74fd9d06a6ae7e1e788699cec5c712aba284db9e91fc34ad8f5854cd1df44ea596507bd7823cae4f4dd3b055c838587ac7
-
SSDEEP
3072:i95oylZ4GU11ahLGAshKwBQYRvvtQsLj4HrNperABxTjCGPWEYpjG/KJFhy2h0pq:i95cGU+hshDtfLmb3x/CwTOjEwo
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1