General

  • Target

    294bb415cf869002e3d282457cee2e2b_JaffaCakes118

  • Size

    568KB

  • Sample

    241009-c3agvszbkf

  • MD5

    294bb415cf869002e3d282457cee2e2b

  • SHA1

    a7c5b5871a5fd7e232af903fbd4a08c525a227fd

  • SHA256

    65606c3b5d0e650ce671562b90c14199c67e28aaf8dd9779da5dbd85d946b355

  • SHA512

    23094c90e55143ff7bd549297eb4924c117cb65e3bcd1cd5a1ecad01fe00c234f3138eaa32671213c992c81468e70ccd67d529ddaa4f4dc29c2b1eefc1830f9d

  • SSDEEP

    6144:Mg+b9gCxNsTmg4yCOKV6Evwoe+wiMT6wIx1f:Mg293Ey6Evwoe+wiMS1

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    7b1cba4c2fd49c8ec47f2b8a10ea378a

Attributes
  • reg_key

    7b1cba4c2fd49c8ec47f2b8a10ea378a

  • splitter

    |'|'|

Targets

    • Target

      294bb415cf869002e3d282457cee2e2b_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall
