General

  • Target

    ea473bd1e6f91a020a89b25695d8ba35_JaffaCakes118

  • Size

    55KB

  • Sample

    240919-a326rssakh

  • MD5

    ea473bd1e6f91a020a89b25695d8ba35

  • SHA1

    92a56a271532038532d7091830e3f9f7a8a871be

  • SHA256

    d264f3aa382f23e1b0bf3176f54a8f1b977b7daf482af3f8d384dc7d1b8db27e

  • SHA512

    96f2cc0a73bd041d0f6a5f48d6e88407e7c8832835bb437378031d701672d4a0edce41f648b1aa4ed34f67190a66aaf3f53e5552de853b83d65e4d38028ff541

  • SSDEEP

    1536:RKgzkS8p1G/NsOCMuvrEFWyC4hGW53K1G/NsOCMuvrEFWyC4hGW:RKgzkS8qC7yxwW53vC7yxwW

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

23f0e3bce589df29a3e6f3e8879b41c1

Attributes
  • reg_key

    23f0e3bce589df29a3e6f3e8879b41c1

  • splitter

    |'|'|

Targets

    • Target

      ea473bd1e6f91a020a89b25695d8ba35_JaffaCakes118

    • Size

      55KB

    • MD5

      ea473bd1e6f91a020a89b25695d8ba35

    • SHA1

      92a56a271532038532d7091830e3f9f7a8a871be

    • SHA256

      d264f3aa382f23e1b0bf3176f54a8f1b977b7daf482af3f8d384dc7d1b8db27e

    • SHA512

      96f2cc0a73bd041d0f6a5f48d6e88407e7c8832835bb437378031d701672d4a0edce41f648b1aa4ed34f67190a66aaf3f53e5552de853b83d65e4d38028ff541

    • SSDEEP

      1536:RKgzkS8p1G/NsOCMuvrEFWyC4hGW53K1G/NsOCMuvrEFWyC4hGW:RKgzkS8qC7yxwW53vC7yxwW

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks