General

  • Target

    JaffaCakes118_65208a5011448ac71d29c0bebaa77649

  • Size

    253KB

  • Sample

    250107-qkaa2avkdl

  • MD5

    65208a5011448ac71d29c0bebaa77649

  • SHA1

    0ffdbefccb03b3f0040ac5b5342e4d56978fc3dd

  • SHA256

    33fc5b4d4ff148dd1db1589a84650daa0e7ed1897dd665ca40c2f2377f98040f

  • SHA512

    66bf47fa0eaec0fc20912bcf049b66f95c802f7e6e8a0da2742edced4899dd80374961b850a86c3f80d80ee6fefdb854ee3197958e3ee6ebd3a812483dd34c2f

  • SSDEEP

    6144:47YzAavnMka2Ob9ITkBW4uZVsLQEYjVQu:9HvntaN9eSuZVJjVQu

Score
10/10

Malware Config

Extracted

Family

njrat

C2

nyacash.duckdns.org:57831

Mutex

50563ee3bbdd45

Attributes
  • reg_key

    50563ee3bbdd45

  • splitter

    @!#&^%$

Targets

    • Target

      JaffaCakes118_65208a5011448ac71d29c0bebaa77649

    Score
    10/10
    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
