General

  • Target

    2bb8f6d4402fc3676a4c2c72e4e34108_JaffaCakes118

  • Size

    29KB

  • Sample

    241009-f6zspsxdmd

  • MD5

    2bb8f6d4402fc3676a4c2c72e4e34108

  • SHA1

    ce3a4d2c29ee771157d890bbba72340c4139c090

  • SHA256

    e1d24e17f8814a7609cb0bd9badf0b1ce4a3b2a74b4e9bb451ff7d757f024b92

  • SHA512

    471564c0996427e7e8abad62ca04a3a7418c607684f2f3d6e4129cd5012cf7cdb84511cdc84f570408b5018fef626ae2c1d4209ef0762fb7e89451aad6afcbd2

  • SSDEEP

    384:PuRltl7P1LWxu0m5yB5bttimWmqDEw5eQtGBsbh0w4wlAokw9OhgOL1vYRGOZzLe:Up79Wxu0miztioqN5eBBKh0p29SgR98

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    Mz

  • C2

    78.219.82.2:1177

  • Mutex

    effd4296b6dca63363cb049e7b3067de

Attributes
  • reg_key

    effd4296b6dca63363cb049e7b3067de

  • splitter

    |'|'|

Targets

    • Target

      2bb8f6d4402fc3676a4c2c72e4e34108_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
