Overview

overview

10

Static

static

10

JaffaCakes...30.exe

windows7-x64

10

JaffaCakes...30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6be9086d115dd1b8056987f2214e9230

  • Size

    23KB

  • Sample

    250103-l95e9aykay

  • MD5

    6be9086d115dd1b8056987f2214e9230

  • SHA1

    60810fca5ccaab8ed9dd384b0aec27fbfa18e7a3

  • SHA256

    681138b7b667d2449e2c2da65c905dc1630e3b8ff72a14db0a62587a0364b3c5

  • SHA512

    812d0d801595432b89823137e903ecb677efbd40fe4da3d1c21df12c969de4463ff2d847202715459bf2ca8295083dced18665272c08fc754f80421569f10737

  • SSDEEP

    384:ffQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZEW:fA5yBVd7RpcnuM

Score
10/10
njratnigguhdiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

NIGGUH

C2

iamsprey.ddns.net:1605

Mutex

4d50ff0f3a4eb213da8fe301253af367

Attributes
  • reg_key

    4d50ff0f3a4eb213da8fe301253af367

  • splitter

    |'|'|

Targets

    • Target

      JaffaCakes118_6be9086d115dd1b8056987f2214e9230

    • Size

      23KB

    • MD5

      6be9086d115dd1b8056987f2214e9230

    • SHA1

      60810fca5ccaab8ed9dd384b0aec27fbfa18e7a3

    • SHA256

      681138b7b667d2449e2c2da65c905dc1630e3b8ff72a14db0a62587a0364b3c5

    • SHA512

      812d0d801595432b89823137e903ecb677efbd40fe4da3d1c21df12c969de4463ff2d847202715459bf2ca8295083dced18665272c08fc754f80421569f10737

    • SSDEEP

      384:ffQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZEW:fA5yBVd7RpcnuM

    Score
    10/10
    njratnigguhdiscoveryevasionpersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.