General

  • Target

    84e19fdbbf684408ba2eeb96d01f1219_JaffaCakes118

  • Size

    28KB

  • Sample

    240530-vvzqwsef9z

  • MD5

    84e19fdbbf684408ba2eeb96d01f1219

  • SHA1

    e8ef86328b4fc6de391fdebe69931546bcb29adb

  • SHA256

    312b0eb7bfb4618339d424ce828b4956c50bab132732f0813897e476f9a33014

  • SHA512

    5b79f2c7a9c3e4ead5eb03cfd52c96c40fc4822465093571bab1d2028cc20dfdbca04f6ce47277cfe629723f08fc8022f0daacda41e5b1c125e3499c3b5db6ab

  • SSDEEP

    384:VqYOGDuwIKY2f8BCgUF8BROwnA5WIBUJ6aIfgLZmpVk3O8TcdZcDMwScUievXeH0:Vsvw/Y2f8m8Tn9JjmAeQcPNwSfU7Wm

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Dark

  • C2

    ZGFyazEx*jIz*zQ0YTViNTZkNy5kZG5zLm5ldA!!:1177

  • Mutex

    d30e81b53079ab01f7442a2f86c7357d

  • Attributes

      • reg_key

        d30e81b53079ab01f7442a2f86c7357d

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks