General

  • Target

    248142aea460cc39937a45ddd2873c3a_JaffaCakes118

  • Size

    36KB

  • Sample

    241008-yjfenazbpk

  • MD5

    248142aea460cc39937a45ddd2873c3a

  • SHA1

    00d92a85c938e3449b7c8463c9b8465a0124498b

  • SHA256

    3917248c65c30739e04d5a6141bdd0140b30852a2680698e083be03904c0341a

  • SHA512

    c8ca79d6958fa694fb4c460b690a39e47ce9cce879502922d5bb825fcd7d47558b5d1ca6535c42ea81a8ed3e03b04a271594b5f2cade302c09ff3b67d86ea553

  • SSDEEP

    384:H+qIiuVjtD+P3V+y0bf2TKtvN4suKfdrAF+rMRTyN/0L+EcoinblneHQM3epzXwq:eNmV10bf2TKtClK1rM+rMRa8NuNaWt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

192.168.0.104:25565

Mutex

986c64151b7027cb49fc754500077dc6

Attributes
  • reg_key

    986c64151b7027cb49fc754500077dc6

  • splitter

    |'|'|

Targets

    • Target

      248142aea460cc39937a45ddd2873c3a_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
