General

  • Target

    0d8554175edcb72dfe46a7cca2697ed7_JaffaCakes118

  • Size

    112KB

  • Sample

    240625-lahr7sthml

  • MD5

    0d8554175edcb72dfe46a7cca2697ed7

  • SHA1

    22da1d54eb857b9e4b7a2f7757fbe122e7a6b3f0

  • SHA256

    e9bf3d6164774120b86df1d120ce2fe6fcf48e1121ebe794ebfc0553feb3185c

  • SHA512

    b436c24a94a44096152cc45d8c1149748ca38523fcb9d7d0ddb99ed18c0a937ed1474ad0c634d654e62827cf11418d12108bc9680f2c44381538d68f64724ab8

  • SSDEEP

    3072:JvUhOJKgugxTdllPCWb6SuL5Hg8Jti8vWqitwL8:JvUhOJKgFTdUHn

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    svchost.exe

  • C2

    mytong1.ze.am:5552

  • Mutex

    c1848c8da1204ace364b2b3206b9c068

Attributes
  • reg_key

    c1848c8da1204ace364b2b3206b9c068

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Drops desktop.ini file(s)
