General

  • Target

    372af030e33e6326192782579c0160dc_JaffaCakes118

  • Size

    69KB

  • Sample

    241011-2lx92axhkb

  • MD5

    372af030e33e6326192782579c0160dc

  • SHA1

    44059731a3fa1e990698fa09935cfa7ab79dca49

  • SHA256

    9dcf50d314d9541efbfd3b519fe5bc619478d8fcd116ab21ada07c4da2786088

  • SHA512

    cd0aa59c889e9a8933ffda4a33bdf175c318a0c1c3258c88d83a77e2356c06cb5cc7dac7bce03459376a213620caee587061a38e406efe57d520c503ee2d6b8f

  • SSDEEP

    1536:cWD1ciNrSVTR1cQHUeq/6YThUoUyPspdA4GSuw1+:vD+JR1cQ0eqCYThU5yPedv+

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    @ HaCkInG By Dr WeSt @

  • C2

    w187.ddns.net:2020

  • Mutex

    4ef9538b5a577a1bd3c1a578ea50c133

Attributes
  • reg_key

    4ef9538b5a577a1bd3c1a578ea50c133

  • splitter

    |'|'|

Targets

    • Target

      372af030e33e6326192782579c0160dc_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
