General

  • Target

    2c4d636b68794150829d795bc7afe8bd_JaffaCakes118

  • Size

    33KB

  • Sample

    241009-gzlg6s1dpa

  • MD5

    2c4d636b68794150829d795bc7afe8bd

  • SHA1

    bf2fe3d794ae93220fa513104a7cd0820f0ead3a

  • SHA256

    367deffb67b8ab4fcdf186dde68357c61b9044265077805c47aa2be303e43312

  • SHA512

    ce42af5118ec22b533340a26c2d70c27153f18f72b49005dea505fda2e18ba9984032540ac228bb90a1e32511ad741b1511e9ed624b58b184cf9e8dfc79cd37f

  • SSDEEP

    768:VvTquWVXats38qKZzHOxOruIEYwxGpUZSk:t3W5ss3g5cIEYwA6ZSk

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

82.202.167.230:7654

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |'|'|
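The extracted config is enough to write a small traffic-side check for this sample. The following is an added example, not part of the sandbox report: it frames and parses njRAT messages using the splitter and C2 values above and flags the registration beacon by the botnet name. The wire framing (a decimal length, a NUL byte, then the payload), the "ll" registration command and the base64-encoded "<botnet>_<hwid>" victim field are taken from public njRAT 0.7d write-ups, not from this report, and should be treated as assumptions; the sample stream below is constructed for illustration, not captured from the sample.

```python
import base64
import re

# Values taken from the extracted config in the report.
C2_HOST, C2_PORT = "82.202.167.230", 7654
SPLITTER = b"|'|'|"
BOTNET = "HacKed"

# Assumption (public njRAT 0.7d write-ups, not this report): every message is
# "<decimal length>\x00<payload>", the payload is a command followed by
# splitter-delimited fields, and the first message a bot sends is "ll"
# with base64("<botnet>_<hwid>") as its first field.
_LEN_RE = re.compile(rb"^(\d+)\x00")


def build_frame(cmd: bytes, *fields: bytes) -> bytes:
    """Encode one message the way the client does (used to build the sample)."""
    payload = SPLITTER.join((cmd,) + fields)
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(buf: bytes):
    """Split a TCP stream buffer into complete payloads.

    Returns (frames, leftover). A frame whose length prefix announces more
    bytes than are present is left in 'leftover' so the caller can append
    the next segment and retry.
    """
    frames = []
    while True:
        m = _LEN_RE.match(buf)
        if not m:
            break
        n = int(m.group(1))
        start = m.end()
        if len(buf) < start + n:
            break  # partial frame, wait for more data
        frames.append(buf[start:start + n])
        buf = buf[start + n:]
    return frames, buf


def parse_payload(payload: bytes):
    """Return (command, fields) for one decoded payload."""
    parts = payload.split(SPLITTER)
    return parts[0].decode("latin-1"), parts[1:]


def is_njrat_registration(payload: bytes, botnet: str = BOTNET) -> bool:
    """True if the payload is an 'll' beacon whose victim id carries our botnet tag."""
    cmd, fields = parse_payload(payload)
    if cmd != "ll" or not fields:
        return False
    try:
        victim = base64.b64decode(fields[0], validate=True).decode("latin-1")
    except Exception:
        return False
    return victim.startswith(botnet + "_")


def scan_stream(buf: bytes, dst: tuple):
    """Return a list of (command, hit) tuples for a client->server stream to dst."""
    frames, _ = split_frames(buf)
    to_c2 = dst == (C2_HOST, C2_PORT)
    return [(parse_payload(f)[0], to_c2 and is_njrat_registration(f)) for f in frames]


# Constructed sample: a registration beacon followed by a bare keepalive.
_VICTIM = base64.b64encode(b"HacKed_ABCDEF1234567890")
SAMPLE_STREAM = (
    build_frame(b"ll", _VICTIM, b"DESKTOP-TEST", b"user", b"24-10-09",
                b"", b"Win 7 SP1", b"No", b"0.7d", b"..", base64.b64encode(b"Program Manager"))
    + build_frame(b"P")
)

if __name__ == "__main__":
    for cmd, hit in scan_stream(SAMPLE_STREAM, (C2_HOST, C2_PORT)):
        print(f"{cmd}: {'njRAT registration' if hit else 'no match'}")
```

The same config values serve host-side hunting: the reg_key "Windows Update" is the Run value name and mutex the report lists, so a host that shows that Run value alongside a connection to 82.202.167.230:7654 is a strong match for this build.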

Targets

    • Target

      2c4d636b68794150829d795bc7afe8bd_JaffaCakes118

    • Size

      33KB

    • Hashes

      Same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks