General
Target
7fa672943d27b23830fad41370e368ab_JaffaCakes118
Size
31KB
Sample
240529-f86zssch69
MD5
7fa672943d27b23830fad41370e368ab
SHA1
ca2bf6b609130944e26c864d0befac1abf9c3afe
SHA256
3b4ecbb8e3c09e42166df0d2c159671ae46d7ea739556cf6da53ccb3fbf95dbe
SHA512
2915cd960eedf11af7370ba7b6a1dd29c9da7c7f61679ff9683aec7ce601a4b1a286005f666cbf39c0a29a9179e09da6e20c395e15268d0aba291e0b9a2c84e4
SSDEEP
768:AT5bgJZLrGzxhucehaqHjhvvKTQmIDUu0tiq2j:gUKgRR4QVkQj
Behavioral task
behavioral1
Sample
7fa672943d27b23830fad41370e368ab_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7fa672943d27b23830fad41370e368ab_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
extrimhack
192.168.0.102:6522
95f5ec3bd7a8e3e281a57a314113d408
reg_key
95f5ec3bd7a8e3e281a57a314113d408
splitter
Y262SUCZ4UJJ
Targets
Target
7fa672943d27b23830fad41370e368ab_JaffaCakes118
Score
10/10
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)