General

  • Target

    7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118

  • Size

    23KB

  • Sample

    240528-hjxqyaba33

  • MD5

    7c0ef81ef52a99bc26a26aed61c6532d

  • SHA1

    f0e189c7e4c75e0f0961e9f5150b1cebc07a440a

  • SHA256

    81000dc1966cb3be3850943e75f6c08b97002c6b2aa1f020e4a74a0716b2de15

  • SHA512

    cf5f9909f19e20fca38e67e0d7f20071de63ba31bd6132901f18254678f572fca172b22a01b5b6f517a6af7f30a0b786ddf5a04128e5cb9b6eabf179566dc0a6

  • SSDEEP

    384:LY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZEP:0L2s+tRyRpcnul

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Ratted

C2

10.0.0.46:5552

Mutex

e8c2fab912734648f8bb500fffb8db77

Attributes
  • reg_key

    e8c2fab912734648f8bb500fffb8db77

  • splitter

    |'|'|

Targets

    • Target

      7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118

    • Size

      23KB

    • MD5

      7c0ef81ef52a99bc26a26aed61c6532d

    • SHA1

      f0e189c7e4c75e0f0961e9f5150b1cebc07a440a

    • SHA256

      81000dc1966cb3be3850943e75f6c08b97002c6b2aa1f020e4a74a0716b2de15

    • SHA512

      cf5f9909f19e20fca38e67e0d7f20071de63ba31bd6132901f18254678f572fca172b22a01b5b6f517a6af7f30a0b786ddf5a04128e5cb9b6eabf179566dc0a6

    • SSDEEP

      384:LY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZEP:0L2s+tRyRpcnul

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks