General

  • Target

    87ec6746c4926b74a838597ad4916124_JaffaCakes118

  • Size

    31KB

  • Sample

    240531-w3zxashe76

  • MD5

    87ec6746c4926b74a838597ad4916124

  • SHA1

    6bb15db56bf5f543860ec45011f869f03a298fc5

  • SHA256

    ae07a482a7078e6473de1d3f42f4b47968d09cb937c289588563d5edf531932d

  • SHA512

    125f5fb5d19ac3ad72bc13e650a59c2a2cf55d77108417792cd179302899a79c2e822a6e88925bba3810980f188178a51d38c5c09aa6c7747f29002860b631dc

  • SSDEEP

    768:fPorD58pdvXyzx9uFgnafpnW3TvKAQmIDUu0tiCfj:gw68nQb7QVk1j

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Windows.exe

  • C2

    192.168.0.2:6522

  • Mutex

    ade03b4cc9120fa52ebf8ffaf0c1da32

Attributes
  • reg_key

    ade03b4cc9120fa52ebf8ffaf0c1da32

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      87ec6746c4926b74a838597ad4916124_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
