General

  • Target

    abaed2efe74ed374996a00c7e61c1e6c_JaffaCakes118

  • Size

    259KB

  • Sample

    240614-12grjs1hkk

  • MD5

    abaed2efe74ed374996a00c7e61c1e6c

  • SHA1

    86c29a5439a24c0d05293e7849de094086961233

  • SHA256

    f203c9d2b91e4afd098df6669eb17d7e65757926b9d0d07c46c406bab5f56f90

  • SHA512

    afe151832d569381df9c7122aedb1e4ea763e10b73b126ed63ad039c56196e1b4f6838549e1328947e6f59bd827f02aa017419e6ce9d77f84829eee3f8ee354d

  • SSDEEP

    6144:ci5b6J/nGnEr9i9wbD66gJFRazJe3W6GGBw:r5GRnsExi5Rald6GGBw

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DonBo$$

C2

103.1.184.108:6660

Mutex

af74a9c9d02f9190d3ff30d4ffdeafe0

Attributes

  • reg_key

    af74a9c9d02f9190d3ff30d4ffdeafe0

  • splitter

    |'|'|

Targets

    • Target

      abaed2efe74ed374996a00c7e61c1e6c_JaffaCakes118

    • Size

      259KB

    • MD5

      abaed2efe74ed374996a00c7e61c1e6c

    • SHA1

      86c29a5439a24c0d05293e7849de094086961233

    • SHA256

      f203c9d2b91e4afd098df6669eb17d7e65757926b9d0d07c46c406bab5f56f90

    • SHA512

      afe151832d569381df9c7122aedb1e4ea763e10b73b126ed63ad039c56196e1b4f6838549e1328947e6f59bd827f02aa017419e6ce9d77f84829eee3f8ee354d

    • SSDEEP

      6144:ci5b6J/nGnEr9i9wbD66gJFRazJe3W6GGBw:r5GRnsExi5Rald6GGBw

    Score
    10/10

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks