General

  • Target

    f7c8ba3681e459e75c23535f368f761e_JaffaCakes118

  • Size

    91KB

  • Sample

    240926-hdy2tasgjj

  • MD5

    f7c8ba3681e459e75c23535f368f761e

  • SHA1

    88faa2547008d2c0d40889bbfdb6ce39d73d3d5f

  • SHA256

    88e0f99a2f38de015441056cf478dde237f503800e0433a64d88cffea3b91956

  • SHA512

    07dd051c19d9787ebd546edb7dfa20bee6f321aea1b7a9cdfd56af5646f212dd01c6c821bd12d1120fa648497cf27c5c1f64b243304c02fe3aad9b3c955063d4

  • SSDEEP

    1536:yt0dOE7kkkkkkkkAwkkkkkkkknkkkkkkkXkkkkkkkkfkkkkkkkkSkkIkkkk5fkk6:ymV7kkkkkkkkfkkkkkkkknkkkkkkkXkJ

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    1

  • C2

    115.126.219.51:2588

  • Mutex

    3ed2b109f90577595c428d01e3743702

Attributes

  • reg_key

    3ed2b109f90577595c428d01e3743702

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks