Overview

overview

10

Static

static

3

JaffaCakes...c0.exe

windows7-x64

10

JaffaCakes...c0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_77d9701431d20caa93469771d6f44dc0

  • Size

    438KB

  • Sample

    250104-fz1fnawndl

  • MD5

    77d9701431d20caa93469771d6f44dc0

  • SHA1

    6dc0cfcec96c55f3d3f6667f5f95040d9f8aa39b

  • SHA256

    88bdb766f6f09104c43b54e1226d8ae2ea734b8117276a40741099ec79dceff3

  • SHA512

    b7cf14d91c9fb5f36669e8396a449a9efbe6f5e972cc23776579120126a613f10248fcf6fe91f4567ca960c3d11ab945376dbb0fdbc29dd66114ec7ef706db3b

  • SSDEEP

    6144:nHnMBnkOZHpp+6rbwwQjKUsIS4KTYChXod2YX5iWD1c00R9XnaLzrvZRTJRm:HnMBhp+6rbwLKUsF4KYClpYAuSdcZBJ

Score
10/10
njratdiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      JaffaCakes118_77d9701431d20caa93469771d6f44dc0

    • Size

      438KB

    • MD5

      77d9701431d20caa93469771d6f44dc0

    • SHA1

      6dc0cfcec96c55f3d3f6667f5f95040d9f8aa39b

    • SHA256

      88bdb766f6f09104c43b54e1226d8ae2ea734b8117276a40741099ec79dceff3

    • SHA512

      b7cf14d91c9fb5f36669e8396a449a9efbe6f5e972cc23776579120126a613f10248fcf6fe91f4567ca960c3d11ab945376dbb0fdbc29dd66114ec7ef706db3b

    • SSDEEP

      6144:nHnMBnkOZHpp+6rbwwQjKUsIS4KTYChXod2YX5iWD1c00R9XnaLzrvZRTJRm:HnMBhp+6rbwLKUsF4KYClpYAuSdcZBJ

    Score
    10/10
    njratdiscoveryevasionpersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks