Overview

overview

10

Static

static

3

JaffaCakes...00.exe

windows7-x64

10

JaffaCakes...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_699b7a95c69b10a9107393fb4a8d2a00

  • Size

    17KB

  • Sample

    250103-cpkqnsyjcn

  • MD5

    699b7a95c69b10a9107393fb4a8d2a00

  • SHA1

    572b8540e349836471df26752f5b12c680ebaedb

  • SHA256

    b0162fc368bf26bde3c23ec90f7fc047796da948a8c94c83a8bd57b05bac5f55

  • SHA512

    3a04e281c5e3633ebe7b9dba296b7a169d09665b673d5641b679e64630d04a91ebb930eecd4e23952ea53bcd70792859d30c1f06eeac0af58ebb2cae89851308

  • SSDEEP

    384:/f1P7Etj9a+jRSUJ5FgNOO1Y//TvxVZd:/fZEt4WRNXFgrIvpd

Score
10/10
njratdiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      JaffaCakes118_699b7a95c69b10a9107393fb4a8d2a00

    • Size

      17KB

    • MD5

      699b7a95c69b10a9107393fb4a8d2a00

    • SHA1

      572b8540e349836471df26752f5b12c680ebaedb

    • SHA256

      b0162fc368bf26bde3c23ec90f7fc047796da948a8c94c83a8bd57b05bac5f55

    • SHA512

      3a04e281c5e3633ebe7b9dba296b7a169d09665b673d5641b679e64630d04a91ebb930eecd4e23952ea53bcd70792859d30c1f06eeac0af58ebb2cae89851308

    • SSDEEP

      384:/f1P7Etj9a+jRSUJ5FgNOO1Y//TvxVZd:/fZEt4WRNXFgrIvpd

    Score
    10/10
    njratdiscoveryevasionpersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks