General

  • Target

    88026d20d8f9f5ca8479219f0b0aa81c_JaffaCakes118

  • Size

    357KB

  • Sample

    240531-xnjr7shf4v

  • MD5

    88026d20d8f9f5ca8479219f0b0aa81c

  • SHA1

    ea6d2d4681cf660eeba8e6f88f5504a62a17c3ee

  • SHA256

    828519716dc08d635d8e940e6cf64ec3dd5cb1d5defdcc2fca65d58af7568641

  • SHA512

    698f4b3f620162e036e83c26bc09199604b623b0ea533c92eb175596cae64c1e51e7d9a2543cf2bf1a735bdb36c6135916c224d2ed3986be44b14b1a13897482

  • SSDEEP

    6144:f7BLL/nAW5BNQziaMSeIzmO3eFs21iMk2UE0uo:f5Lx5BNQzRwUmO3f21beE0u

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

تم الاختراق من قبل دكتور الغربية # (Arabic; in English: "Hacked by Doctor Al-Gharbia #")

C2

Dr187.ddns.net:999

Mutex

59e66e4fd01ed7a53bb65713760bdb7d

Attributes
  • reg_key

    59e66e4fd01ed7a53bb65713760bdb7d

  • splitter

    |'|'|

Targets

    • Target

      88026d20d8f9f5ca8479219f0b0aa81c_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
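The following is an added example, not tooling from the sandbox and not code from njRAT: it takes the values in the Malware Config section above (C2 `Dr187.ddns.net:999`, mutex and `reg_key` `59e66e4fd01ed7a53bb65713760bdb7d`, splitter `|'|'|`) and turns them into things an analyst can act on: a parsed C2 host and port, a tokenizer for the configured splitter, a Suricata DNS rule for the C2 hostname, and a check of `reg query` output for a Run-key value named after `reg_key`, which the "Adds Run key" signature suggests is how this sample persists. The registry output, the dropped-file path in it, and the assumption that the Run value is named after `reg_key` are constructed for illustration; the page does not state the field layout of an njRAT beacon, so `split_fields` only splits on the delimiter and assigns no meaning to the fields.

```python
# Added example (not part of the sandbox report or of njRAT): IOC helpers built from
# the extracted configuration above. Sample registry output below is constructed.
from __future__ import annotations

from dataclasses import dataclass

SPLITTER = "|'|'|"  # value of the "splitter" attribute in the report


@dataclass(frozen=True)
class NjratConfig:
    family: str
    version: str
    botnet: str
    c2: str  # host:port exactly as reported
    mutex: str
    reg_key: str
    splitter: str


# Values copied from the "Malware Config" section of this report.
CONFIG = NjratConfig(
    family="njrat",
    version="0.6.4",
    botnet="تم الاختراق من قبل دكتور الغربية #",
    c2="Dr187.ddns.net:999",
    mutex="59e66e4fd01ed7a53bb65713760bdb7d",
    reg_key="59e66e4fd01ed7a53bb65713760bdb7d",
    splitter=SPLITTER,
)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' into its parts; rpartition keeps any colons in the host."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    return host, int(port)


def split_fields(raw: str, splitter: str = SPLITTER) -> list[str]:
    """Tokenize a message body on the configured splitter.

    The delimiter comes from the config; the meaning of each field is not
    described on this page, so the caller interprets the result.
    """
    return raw.split(splitter)


def suricata_dns_rule(host: str, sid: int) -> str:
    """Suricata (6.x syntax) rule alerting on a DNS query for the C2 hostname."""
    return (
        "alert dns any any -> any any "
        f'(msg:"njRAT C2 DNS query {host}"; dns.query; content:"{host}"; '
        f"nocase; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def find_run_key_persistence(reg_query_output: str, reg_key: str) -> list[str]:
    """Return lines from `reg query ...\\Run` whose value name equals reg_key.

    Assumption (not stated on the page): the Run value is named after the
    reg_key attribute, which here is identical to the mutex.
    """
    hits: list[str] = []
    in_run_key = False
    for line in reg_query_output.splitlines():
        if line.startswith("HK"):
            in_run_key = line.rstrip("\\").upper().endswith(r"\CURRENTVERSION\RUN")
            continue
        parts = line.split()
        if in_run_key and len(parts) >= 3 and parts[0] == reg_key:
            hits.append(line.strip())
    return hits


# Constructed sample of `reg query` output on an infected host (the dropped path is invented).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    59e66e4fd01ed7a53bb65713760bdb7d    REG_SZ    "C:\Users\victim\AppData\Roaming\server.exe"
"""

if __name__ == "__main__":
    host, port = parse_c2(CONFIG.c2)
    print(f"C2 host={host} port={port}")
    print(suricata_dns_rule(host, sid=1000001))
    for hit in find_run_key_persistence(SAMPLE_REG_QUERY, CONFIG.reg_key):
        print("Run-key persistence:", hit)
```

Run the script as-is to print the DNS rule and the matching Run-key line; on a live host, feed `find_run_key_persistence` the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM equivalent) instead of the constructed sample. Because the host is a dynamic-DNS name, the DNS rule is a better first detector than an IP-based one, and the mutex/`reg_key` value is worth adding as a host IOC alongside the hashes above.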

MITRE ATT&CK Enterprise v15