General

  • Target

    03fd88d8f05195bc19df0535edfef93d_JaffaCakes118

  • Size

    427KB

  • Sample

    240622-1qp9jszdpl

  • MD5

    03fd88d8f05195bc19df0535edfef93d

  • SHA1

    e5ec45312f8845bc07d5cb6c7ded13a790ea0ca9

  • SHA256

    e755de6be09f7b991a263275d3afe6c6211ffc0c246670e71f03813165a42f4e

  • SHA512

    92569e7aae2304fcfab30427bb5636ef7eb01d5fc76834116e507633949d9dc59b33910e17fd5199124522d7eb74505db4411d64f0b70b8ee298945f6312157f

  • SSDEEP

    3072:yHIVFBdEn/l+HL+pZFHoFN6WtljaJuloHs+L:pVB2+HL+pZFHoFN6WtljaJul+p

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed By Mr-Abu Hani

Mutex

9212c4b54e8f576a7b60a5356cd6d42a

Attributes
  • reg_key

    9212c4b54e8f576a7b60a5356cd6d42a

  • splitter

    |'|'|

Targets

    • Target

      03fd88d8f05195bc19df0535edfef93d_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
