Overview

overview

10

Static

static

10

sample.exe

windows7-x64

10

sample.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6d75cf5e714666428d1900174feae850

  • Size

    13KB

  • Sample

    250103-scc33azlby

  • MD5

    6d75cf5e714666428d1900174feae850

  • SHA1

    dff4f26409836db2b988ee45ba05e2b5e2312272

  • SHA256

    5741476f485ba80d40981e7795e978522a09a6b20b70026179fee62a2c282f45

  • SHA512

    cb966b5dbe632554155d02b9e41377782b600283630389fd95ea9fb3d7e6b7c811f77cb3d4cfb685d58ca2005f85c6d82fa3bd84a2e44d11b5dbdc872a53fa54

  • SSDEEP

    384:AikjD+7PRK9jtDrdAfnSJUskE3GNrwrjoww0hCiJfKPFefbnvY:ADD++jXAfXsjWYjCkCipKP2bg

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

algerien10404.no-ip.org:1177

Mutex

eaad395b717c9a7b58a9a841e1be3f92

Attributes
  • reg_key

    eaad395b717c9a7b58a9a841e1be3f92

  • splitter

    |'|'|

Targets

    • Target

      sample

    • Size

      29KB

    • MD5

      4597dea9793dd9aff61b4ac19c6b089e

    • SHA1

      c777aa4ee4c5714ade8ae7f2f6e6d34c7f34f67a

    • SHA256

      3827cd7438b47e7bb344d224ee5cfaf5af8dea40929af589c7c6e5b5352b1058

    • SHA512

      6faf5653cb25715421cc018c5a9637e932b2d0b89ad24baa37d6c7b4e27e104eb72a7b2ee8699044cbb5e9303965cd9b920925ce0c2602ed58a1022cd2111fd2

    • SSDEEP

      384:xPYs5l7VL9skVQ42BkkH5RYIGGmqDq9VXeXbGBsbh0w4wlAokw9OhgOL1vYRGOZ:xf7/skCXkmsIQq+VXeaBKh0p29SgRsl

    Score
    10/10
    njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks