General

  • Target

    cd19e60396aa99d0651e842e71cf7d89_JaffaCakes118

  • Size

    120KB

  • Sample

    240831-s8395asblk

  • MD5

    cd19e60396aa99d0651e842e71cf7d89

  • SHA1

    7a7c22157d98085ee39aba93ec4fc0fc483d1dfd

  • SHA256

    e6e2db6af4b30a543c9a0601182b222c75cd15f5d1363ca461080313c71346c2

  • SHA512

    3ff07cc7717876a96a458802c122ca428c6ef388845d3216417d3efe1926f9c509552ce07348fcba2ba181377909381ab7d52df8c489dc377afd8171201eed15

  • SSDEEP

    3072:RI9iK2Rh5VZONbQXBjmhR4L5HtvZZPQ62YNS:v4JQ4nM

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    279f6960ed84a752570aca7fb2dc1552

Attributes
  • reg_key

    279f6960ed84a752570aca7fb2dc1552

  • splitter

    |'|'|

Targets

    • Target

      cd19e60396aa99d0651e842e71cf7d89_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
