General

  • Target

    0c76e3365993d5c24e7d210a5f53b64e_JaffaCakes118

  • Size

    100KB

  • Sample

    240625-errm4szcqh

  • MD5

    0c76e3365993d5c24e7d210a5f53b64e

  • SHA1

    d0edec4bb157fa27764578dd8f46e546935ac4f8

  • SHA256

    047d8eb18f79ce3958d974af6bdb89da38abff243bae5af1eb8137d39e893aa7

  • SHA512

    c5b7770fa8698d164e7c214f98fac914da72744ebe04533750756f3ddb9b32f7e7f0e6f35d5957af2ffca07480f31d4bf43dbf94cf8a0abb2d846172dc5d232f

  • SSDEEP

    3072:9Lc7HWxTdllPCWb6SuL5Hg8Jti8vWqitwLm:9ciTdUHn

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    w4170

  • C2

    127.0.0.1:2553

  • Mutex

    49aa5a94bca34c496c2f9d9944058dec

Attributes
  • reg_key

    49aa5a94bca34c496c2f9d9944058dec

  • splitter

    |'|'|
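The values above are what a traffic parser needs to recognise this build on the wire: the splitter is the field delimiter, and the campaign id and version string are sent in the bot's first message. Note that the extracted C2 is loopback (127.0.0.1:2553), so the network indicator itself is not actionable for perimeter hunting; the splitter and the strings below are what carry over to other builds from the same operator. The following is an added example, not the sandbox's or the report's own code. It assumes the njRAT framing of a decimal length, a NUL byte, then a payload whose fields are joined by the splitter, and that "ll" is the family's login/system-info command; the byte stream it parses is constructed, not captured.

```python
"""Parse njRAT-style C2 frames using the extracted config values.

Added example. Assumptions (not stated on the report page):
  * frames are "<decimal length>\\x00<payload>", length counting payload bytes;
  * payload fields are joined by the extracted splitter;
  * "ll" is the login/system-info command that carries the campaign id.
The sample stream at the bottom is constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple

SPLITTER = "|'|'|"                 # extracted attribute: splitter
VERSION = "im523"                  # extracted: Version
BOTNET = "w4170"                   # extracted: Botnet (campaign id)
C2_HOST, C2_PORT = "127.0.0.1", 2553   # extracted: C2 (loopback in this build)


@dataclass
class Frame:
    command: str
    fields: List[str]


def build_frame(*fields: str) -> bytes:
    """Encode one frame the way a bot would send it (assumed framing)."""
    payload = SPLITTER.join(fields).encode("utf-8")
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_frames(buf: bytes) -> Tuple[List[Frame], bytes]:
    """Split a TCP byte stream into complete frames.

    Returns the parsed frames and the unconsumed tail (a partial frame, or
    bytes that do not look like njRAT framing) so the caller can keep
    appending data from the socket.
    """
    frames: List[Frame] = []
    while True:
        nul = buf.find(b"\x00")
        if nul <= 0 or not buf[:nul].isdigit():
            break                       # no complete length prefix yet
        length = int(buf[:nul])
        start, end = nul + 1, nul + 1 + length
        if len(buf) < end:
            break                       # wait for the rest of this frame
        parts = buf[start:end].decode("utf-8", errors="replace").split(SPLITTER)
        frames.append(Frame(parts[0], parts[1:]))
        buf = buf[end:]
    return frames, buf


def is_njrat_beacon(frame: Frame) -> bool:
    """True for a login frame carrying both the campaign id and version."""
    return (frame.command == "ll"
            and any(BOTNET in f for f in frame.fields)   # id is "<campaign>_<serial>"
            and VERSION in frame.fields)


def find_beacons(buf: bytes) -> List[Frame]:
    frames, _rest = parse_frames(buf)
    return [f for f in frames if is_njrat_beacon(f)]


# Constructed sample stream: one login frame, one keep-alive style frame,
# and a truncated frame that must be left in the remainder.
SAMPLE_STREAM = (
    build_frame("ll", BOTNET + "_DEADBEEF", "VICTIM-PC", "user",
                "24-06-25", "", "Win 7 Professional SP1 x86", "No", VERSION, "..")
    + build_frame("inf", "8")
    + b"12\x00inf|'|'|"
)

if __name__ == "__main__":
    for b in find_beacons(SAMPLE_STREAM):
        print("njRAT beacon:", b.fields[:3])
```

Feed `parse_frames` the accumulated bytes of a session and only keep the returned tail; a length prefix that never fills out (or a non-numeric prefix) is the signal that the stream is not njRAT framing and can be dropped.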

Targets

    • Target

      0c76e3365993d5c24e7d210a5f53b64e_JaffaCakes118


    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Drops desktop.ini file(s)
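The four behaviours listed above are the host-side artefacts to hunt for: a firewall change, a file in the Startup folder, a Run value, and desktop.ini files. The following is an added example of detection logic over endpoint events, not the sandbox's own signatures. It assumes a simplified Sysmon-like JSON event shape (constructed here), uses the extracted reg_key as the expected Run value name, and treats `netsh firewall add allowedprogram` as the form in which njRAT is commonly seen whitelisting itself (an assumption; the report does not show the command).

```python
"""Map endpoint events to the behaviours reported for this sample.

Added example. The event format is a constructed, simplified Sysmon-like
JSON shape; the netsh command form is an assumption about njRAT behaviour.
"""
import json
import re
from typing import Dict, List, Tuple

REG_KEY = "49aa5a94bca34c496c2f9d9944058dec"   # extracted attribute: reg_key

NETSH_FIREWALL_RE = re.compile(r"\bnetsh(\.exe)?\b.*\b(firewall|advfirewall)\b", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)


def classify(event: Dict) -> List[str]:
    """Return the report behaviour names an event matches (possibly several)."""
    hits: List[str] = []
    kind = event.get("type")
    if kind == "process":
        if NETSH_FIREWALL_RE.search(event.get("cmdline", "")):
            hits.append("Modifies Windows Firewall")
    elif kind == "registry":
        target = event.get("target", "")
        if RUN_KEY_RE.search(target):
            hits.append("Adds Run key to start application")
            # Value name equal to the extracted reg_key ties the event to this config.
            if target.rsplit("\\", 1)[-1].lower() == REG_KEY:
                hits.append("Run value named with extracted reg_key")
    elif kind == "file":
        path = event.get("path", "")
        if STARTUP_RE.search(path):
            hits.append("Drops startup file")
        if path.lower().endswith("\\desktop.ini"):
            hits.append("Drops desktop.ini file(s)")
    return hits


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan JSON-lines events; return (behaviour, originating image) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        for name in classify(ev):
            findings.append((name, ev.get("image", "")))
    return findings


# Constructed sample events (paths and user name are illustrative only).
SAMPLE = [json.dumps(e) for e in [
    {"type": "process", "image": r"C:\Users\u\AppData\Roaming\server.exe",
     "cmdline": r'netsh firewall add allowedprogram "C:\Users\u\AppData\Roaming\server.exe" "server.exe" ENABLE'},
    {"type": "registry", "image": r"C:\Users\u\AppData\Roaming\server.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\49aa5a94bca34c496c2f9d9944058dec"},
    {"type": "file", "image": r"C:\Users\u\AppData\Roaming\server.exe",
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\49aa5a94bca34c496c2f9d9944058dec.exe"},
    {"type": "file", "image": r"C:\Users\u\AppData\Roaming\server.exe",
     "path": r"C:\Users\u\Desktop\desktop.ini"},
    {"type": "process", "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
]]

if __name__ == "__main__":
    for behaviour, image in scan(SAMPLE):
        print(f"{behaviour:45s} <- {image}")
```

The Run value name and the Startup file name both reuse the reg_key, and the same string is the mutex, so a single string match across registry, file system and mutex listings is usually enough to confirm this build on a host even when the loopback C2 gives you no network lead.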

MITRE ATT&CK Enterprise v15

Tasks