General

  • Target

    03cb57011a5d97ea77106542e0b52fa6_JaffaCakes118

  • Size

    45KB

  • Sample

    240622-zegbtstare

  • MD5

    03cb57011a5d97ea77106542e0b52fa6

  • SHA1

    be45b9a381941b78abc74cb3589c04a13bd81761

  • SHA256

    3cd2b93b5e1a87261fc6ac3f0a424ceb3cdf7bd967cbe9c23282743bcb143e19

  • SHA512

    631fa33611753b1a71f57c73e10b7eaa7e87699c58a2df2af26bb0b1afc59f91c49764ca7528d2c9c039245efd3886f14cfaa61b49edf0644bbb2f1db186f78a

  • SSDEEP

    768:BapD+Zwq3r1uFbaYh+Jnq7az+xRug+n2hpUE+fDNkQp6HwfYT4X9b1S5HeQMKz:BgD+HZuY5q7az+GgDbUfZkQTfA4Xl1SB

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

B HAT

Mutex

1fcb8fb3a4794ae29f1b8ef01d138a35

Attributes
  • reg_key

    1fcb8fb3a4794ae29f1b8ef01d138a35

  • splitter

    |'|'|

Targets

    • Target

      03cb57011a5d97ea77106542e0b52fa6_JaffaCakes118

    • Size

      45KB

    • MD5

      03cb57011a5d97ea77106542e0b52fa6

    • SHA1

      be45b9a381941b78abc74cb3589c04a13bd81761

    • SHA256

      3cd2b93b5e1a87261fc6ac3f0a424ceb3cdf7bd967cbe9c23282743bcb143e19

    • SHA512

      631fa33611753b1a71f57c73e10b7eaa7e87699c58a2df2af26bb0b1afc59f91c49764ca7528d2c9c039245efd3886f14cfaa61b49edf0644bbb2f1db186f78a

    • SSDEEP

      768:BapD+Zwq3r1uFbaYh+Jnq7az+xRug+n2hpUE+fDNkQp6HwfYT4X9b1S5HeQMKz:BgD+HZuY5q7az+GgDbUfZkQTfA4Xl1SB

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks