General

  • Target

    2ade3ecc947a7ee4b5888aa0d841f65d_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241009-e5pqns1eqh

  • MD5

    2ade3ecc947a7ee4b5888aa0d841f65d

  • SHA1

    9b4f3c90924edfcac89cd8d8674afe1b9138137e

  • SHA256

    455fb9ca9528bb4aea47f4eeab8ecb136df58787e815931e1276f85d9a89282b

  • SHA512

    6c32c9310d4c8fd65910bde7e0136bae1d1569f8ee4e64d0eabb114ae31cd9b296f67579bc049e97591fe2c2e901728a723e6469cb83fceffe108e1f6139a3e4

  • SSDEEP

    24576:+mTt3Gvv77FBA7oYTw8SqcFDN8DpAKsDXIHQ205yE+it7nhrE3Mmi:+zvXFzCw8SqcFaD6LPZ+iCMmi

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Spameur monta

C2

kadi41.no-ip.org:1177

Mutex

9d0ca6779c4df125b0313463a3f5f631

Attributes
  • reg_key

    9d0ca6779c4df125b0313463a3f5f631

  • splitter

    |'|'|
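The C2 address, botnet name and splitter above describe how this sample frames its traffic. The following Python is an added example and is not code from the sample, the sandbox or this report: it carves njRAT-style frames (ASCII decimal length, a NUL byte, then a payload whose fields are separated by the splitter) out of a TCP stream, decodes a registration message, and applies a simple "is this njRAT" heuristic. The frame layout follows the publicly documented njRAT wire format; the registration field order and the set of command tokens are assumptions drawn from public analyses of 0.6.x builds, and the stream bytes are constructed for the example, not captured traffic.

```python
import base64

# Values taken from this report's Malware Config.
SPLITTER = "|'|'|"
C2 = ("kadi41.no-ip.org", 1177)
BOTNET = "Spameur monta"

# Subset of command tokens described in public njRAT analyses (assumption, not from the report).
KNOWN_COMMANDS = {"ll", "inf", "act", "kl", "CAP", "ER", "ret", "proc", "rss"}


def build_frame(payload: bytes) -> bytes:
    """njRAT frames a message as ASCII decimal length, a NUL byte, then the payload."""
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(stream: bytes):
    """Split a TCP stream into complete frames. Returns (frames, unconsumed_tail);
    a truncated final frame is left in the tail so it can be completed later."""
    frames, pos = [], 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1 or not stream[pos:nul].isdigit():
            break  # no length prefix here: not an njRAT frame (or not enough data yet)
        length = int(stream[pos:nul])
        start = nul + 1
        if start + length > len(stream):
            break  # partial frame
        frames.append(stream[start:start + length])
        pos = start + length
    return frames, stream[pos:]


def fields_of(payload: bytes):
    """Split a frame payload on the configured splitter."""
    return payload.decode("utf-8", "replace").split(SPLITTER)


def looks_like_njrat(payload: bytes) -> bool:
    """Heuristic: a known command token followed by at least one splitter-delimited field."""
    f = fields_of(payload)
    return len(f) >= 2 and f[0] in KNOWN_COMMANDS


def parse_registration(payload: bytes) -> dict:
    """Decode an 'll' registration message. The field order used here (victim id as
    base64 '<botnet>_<hwid>', hostname, username, date, empty, OS, camera flag,
    version) is the commonly documented 0.6.x layout and is an assumption."""
    f = fields_of(payload)
    if f[0] != "ll" or len(f) < 9:
        raise ValueError("not a registration frame")
    victim = base64.b64decode(f[1]).decode("utf-8", "replace")
    botnet, _, hwid = victim.rpartition("_")
    return {"botnet": botnet, "hwid": hwid, "hostname": f[2], "user": f[3],
            "os": f[6], "version": f[8]}


# Constructed sample traffic (not a capture): a registration followed by an active-window report.
_victim = base64.b64encode(f"{BOTNET}_7A1F3C9E".encode()).decode()
REG = SPLITTER.join(["ll", _victim, "DESKTOP-01", "user", "24-10-09", "",
                     "Win 7 Professional SP1", "No", "0.6.4", "..", ""]).encode()
ACT = SPLITTER.join(["act", base64.b64encode(b"Untitled - Notepad").decode()]).encode()
SAMPLE_STREAM = build_frame(REG) + build_frame(ACT)

if __name__ == "__main__":
    frames, tail = split_frames(SAMPLE_STREAM)
    for fr in frames:
        print(looks_like_njrat(fr), fields_of(fr)[0])
    print(parse_registration(frames[0]))
```

In practice the stream would come from a PCAP filtered on the C2 host and port listed above; the splitter value is the part worth keying a detection on, since it is set per build and survives a change of C2.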

Targets

    • Target

      cc/PP checker.exe

    • Size

      592KB

    • MD5

      f9af3bb471626b0b164883fd40364984

    • SHA1

      2134dfb0329ed567be16aded8da7bedf9d65f588

    • SHA256

      96cb6cc90619a599c9806d649a64db4aa596c495887ae3b3db432e63082bd0ab

    • SHA512

      e0f0c447c37b57caff29ae54f99b1ef37a9416a7fa03aa15f0f66c0e7a279a495c54e768527845ee900af95e76c8c2607053c85e30d7ff85fe0a1806e6fb7071

    • SSDEEP

      12288:b2y2axB0F+IKNDleyJJ5KcZDOIOcMldpFU065lbzO4mBR:q+xB3ZL5NDzkdHUphNmBR

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      cc/libeay32.dll

    • Size

      925KB

    • MD5

      805db415858b302e94826517f0a80352

    • SHA1

      388760a586a27dc020c8d68fd7a527900b3dc86f

    • SHA256

      375230e1b5fcf122e675a6996cf288a7c9ef65122639096393bd6595380f8b0d

    • SHA512

      6fda41b03181dacfd31341ce80c327734c1c7532e4f8b0e711650e68922d577a647137f9b173e2b1af30f5c08c4839f235a2f8c508002d020ba2d864a17b83de

    • SSDEEP

      24576:sPhGh0DY61iiGn+nG4pVzK6wcVPYMUh7:sIh0seiieW3VPYMUh

    Score
    3/10

    • Target

      cc/libssl32.dll

    • Size

      169KB

    • MD5

      9517f743f0b8836e0921ee5432a22a79

    • SHA1

      7f71036c0669db30bff4705aaf14a836ef6686d1

    • SHA256

      728d27d744fe415292ed0c35ed7a4a238b9bfa57ac3dc33e568e933130410701

    • SHA512

      19f76b761e75dddea70e2caca06078c5f90a3531e82ae001c4f48768f002d5d12c8cf73f941abf80633d35624be300f69ed68c5081b4aa64bf45367a1596125a

    • SSDEEP

      3072:gM0v1zaPRZCnvP/bOO6trcsevguKeZntJW4EiByyjQQBtrurekGwC:7O1zWCnvH6xg5vdJp8ydtriekQ

    Score
    3/10

    • Target

      cc/pp_checker.exe.lnk

    • Size

      778B

    • MD5

      3f02ef6a34edd061238ff0650aa444da

    • SHA1

      329b8fa007c5ca7a4e315c4ccc392ccb0646d710

    • SHA256

      7c5fcebc9580bb8039d326ad975e3c59f635e89589b2241d19115fd437b76fd3

    • SHA512

      c1e949c776b38bbfd96039b9a9162a9101de8a78d679c6c2f33e6149fc5641bb4536833211ea4d83feb13a66c994e097fb6ed8295d1c96c0dc9ad619dd6b5ecb

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      cc/ssleay32.dll

    • Size

      156KB

    • MD5

      1659400f88a1aa0d639f6e3d56dc9a14

    • SHA1

      39c634dcb399676e32b15514b7ed0a788e35d795

    • SHA256

      021c109e371feb8cca3cac1e9d3bb2da2f29dde41f2da444f1571b4cb7714057

    • SHA512

      d1171d24b623bc7176bcec610fa86ac43f81f4f246a6e8d1e7c7ede8c195a4df190507134f060953a9d07e95732026d20b2765ecb683afece211fb3be794bde5

    • SSDEEP

      3072:fJY1YtE7Sxclu+Q0gfj/PG/2GUsF8JW0OV7uEPassW:f21Y3qu+Q0gfzmhFiW0OKssW

    Score
    3/10
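Two of the signatures reported for PP checker.exe (a Run key under the reg_key name, and a firewall change allowing the dropped executable) can be confirmed on a suspect host from exported command output. The following Python is an added example, not code from the sandbox or this report: it parses "reg query" output for the Run key and "netsh advfirewall firewall show rule name=all verbose" output, and flags the indicators listed above. The " .." suffix on the Run value is an assumption about how njRAT writes that entry, and both sample outputs are constructed for the example rather than taken from the sandbox run.

```python
import re

# Indicators taken from this report.
REG_KEY = "9d0ca6779c4df125b0313463a3f5f631"
DROPPED_EXE = "PP checker.exe"


def parse_reg_query(text: str) -> dict:
    """Parse 'reg query <key>' output into {value_name: (type, data)}.
    Value lines are indented as: <name>    <REG_TYPE>    <data>."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(\S.*?)\s{2,}(REG_\w+)\s{2,}(.*)$", line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3).strip())
    return values


def parse_netsh_rules(text: str) -> list:
    """Parse 'netsh advfirewall firewall show rule name=all verbose' output into one
    dict per rule. Each rule starts with a 'Rule Name:' line; dashed separators are skipped."""
    rules, cur = [], {}
    for line in text.splitlines():
        if line.startswith("----"):
            continue
        m = re.match(r"^([A-Za-z ]+?):\s+(.*)$", line)
        if not m:
            continue
        key, val = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name" and cur:
            rules.append(cur)
            cur = {}
        cur[key] = val
    if cur:
        rules.append(cur)
    return rules


def triage(reg_text: str, netsh_text: str) -> list:
    """Return human-readable findings for the persistence and firewall indicators."""
    findings = []
    run = parse_reg_query(reg_text)
    if REG_KEY in run:
        _, data = run[REG_KEY]
        findings.append(f"Run value '{REG_KEY}' -> {data}")
        # Assumption: njRAT appends ' ..' after the quoted path in its Run value.
        if data.endswith(" .."):
            findings.append("Run value carries njRAT-style ' ..' suffix")
    for r in parse_netsh_rules(netsh_text):
        prog = r.get("Program", "")
        if prog.lower().endswith(DROPPED_EXE.lower()) and r.get("Action") == "Allow":
            findings.append(f"Firewall allow rule '{r.get('Rule Name')}' for {prog}")
    return findings


# Constructed sample outputs (not from the sandbox run).
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    9d0ca6779c4df125b0313463a3f5f631    REG_SZ    "C:\Users\user\AppData\Roaming\PP checker.exe" ..
"""

SAMPLE_NETSH = """
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Program:                              C:\\Windows\\system32\\svchost.exe
Action:                               Allow

Rule Name:                            PP checker.exe
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Program:                              C:\\Users\\user\\AppData\\Roaming\\PP checker.exe
Action:                               Allow
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_NETSH):
        print(finding)
```

Run the two commands on the host (or against an offline hive and exported firewall policy), save their output, and feed the text to triage(); the reg_key is the value name to search for, and the mutex listed in the config is the same string if you want to check a live process with a handle viewer.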

MITRE ATT&CK Enterprise v15
