General

  • Target

    cae8923155d45220def3abe2be6695af_JaffaCakes118

  • Size

    70KB

  • Sample

    240830-qfx7aswakc

  • MD5

    cae8923155d45220def3abe2be6695af

  • SHA1

    8636009dbc5b870f328158c32f9a702badf23388

  • SHA256

    23f3dc4ec909db89c98d7501967baaa8e967031c0586a7784c82b405743cb7e0

  • SHA512

    02206d43ddc0dbf7cf1ca4a80dfc75366568166816fd4ecf00957712864ddf0d6d08f953e8679733614e9d6edbfb76ffd0ee0b7871c47ec73da7bc41c03e24bd

  • SSDEEP

    1536:wGMeQS6X6J9BA7rOCoo0OKLBB39jSUYuC0Q+:3DQfX6JY7RFKFR9jNZa+

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

78.205.17.20:6699

Mutex

714bb89cc78e0b9f01ac161b3ff8b767

Attributes
  • reg_key

    714bb89cc78e0b9f01ac161b3ff8b767

  • splitter

    |'|'|
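The splitter and C2 above are enough to write a small decoder for the bot's check-in traffic. The following is an added example, not part of the sandbox report: it reassembles njRAT-style length-prefixed frames (ASCII decimal length, a NUL byte, then the payload, as njRAT 0.7d is generally documented) from a captured TCP stream, splits each payload on the configured splitter, and pulls the botnet ID out of the base64-encoded victim field of the `ll` registration command. The sample stream is constructed for illustration; the field layout after the victim ID is left raw rather than assumed.

```python
"""Decode njRAT 0.7d-style check-in frames using the extracted config.

Added example, not code from the report or from the malware. Framing
('<len>\\x00<payload>') and the 'll' registration command with a base64
'<botnet>_<hwid>' victim field reflect how njRAT is commonly documented;
SAMPLE_STREAM is constructed, not captured.
"""
import base64

SPLITTER = "|'|'|"            # from the extracted config
C2 = ("78.205.17.20", 6699)   # from the extracted config
BOTNET = "HacKed"             # from the extracted config


def build_frame(payload: bytes) -> bytes:
    """Wrap a payload as '<decimal length>\\x00<payload>' (used to build test data)."""
    return str(len(payload)).encode() + b"\x00" + payload


def frame_messages(stream: bytes):
    """Split a byte stream into complete frames.

    Returns (payloads, remainder); remainder is any trailing partial frame
    so a caller reading a live socket can buffer it for the next read.
    """
    payloads = []
    pos = 0
    while True:
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break
        try:
            length = int(stream[pos:nul])
        except ValueError:
            raise ValueError(f"bad length prefix at offset {pos}")
        start = nul + 1
        if start + length > len(stream):
            break  # incomplete frame; leave it in the remainder
        payloads.append(stream[start:start + length])
        pos = start + length
    return payloads, stream[pos:]


def parse_fields(payload: bytes):
    """Split one payload on the configured splitter string."""
    return payload.decode("utf-8", "replace").split(SPLITTER)


def parse_registration(fields):
    """Decode an 'll' registration; returns None for any other command."""
    if not fields or fields[0] != "ll" or len(fields) < 2:
        return None
    victim = base64.b64decode(fields[1]).decode("utf-8", "replace")
    botnet, _, hwid = victim.partition("_")
    return {"botnet": botnet, "hwid": hwid, "rest": fields[2:]}


def matches_config(reg) -> bool:
    """True when a decoded registration carries this sample's botnet ID."""
    return reg is not None and reg["botnet"] == BOTNET


# Constructed sample: one registration followed by a second short frame.
# The hwid, hostname and username are made up.
_victim_b64 = base64.b64encode(b"HacKed_1A2B3C4D").decode()
_reg = SPLITTER.join(["ll", _victim_b64, "DESKTOP-TEST", "user"]).encode()
SAMPLE_STREAM = build_frame(_reg) + build_frame(b"inf" + SPLITTER.encode())


if __name__ == "__main__":
    msgs, rest = frame_messages(SAMPLE_STREAM)
    for m in msgs:
        fields = parse_fields(m)
        print(fields[0], parse_registration(fields))
    print("unconsumed bytes:", len(rest))
```

Pointed at a pcap's reassembled client-to-server stream for `78.205.17.20:6699`, the same functions recover the botnet name and per-host ID from the first frame; a truncated capture simply ends up in the remainder instead of raising.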

Targets

    • njRAT/Bladabindi

      Widely used remote access trojan (RAT) written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
