General

  • Target

    d7a7506dc6883535744b94df18ddce8c_JaffaCakes118

  • Size

    23KB

  • Sample

    240910-gaeckazgkf

  • MD5

    d7a7506dc6883535744b94df18ddce8c

  • SHA1

    dcb83468bdfc65ef0a275a20129652f8ff537112

  • SHA256

    bdaff6126c2588acd0f6bc92a3bf1c902596a280271340e2dfdd4f6a5539c4d7

  • SHA512

    fcdf877a4ea1175facaa2509384d441a96e6cc26950a7e23a1c447855104ea39e80d71d3940162f30a01f813f73fde0e4269c4ae37c2c1d3aed3ca7e0ec99eb7

  • SSDEEP

    384:IMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZimQ:rb9glF51LRpcnuB

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

thetiger.linkpc.net:5552

Mutex

cb733ea86cd5129e693ea7211502e58b

Attributes
  • reg_key

    cb733ea86cd5129e693ea7211502e58b

  • splitter

    |'|'|

Targets

    • Target

      d7a7506dc6883535744b94df18ddce8c_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
