General

  • Target

    a8adf42a920ce843f189efdbd98c8095_JaffaCakes118

  • Size

    74KB

  • Sample

    241127-trvr4axkdq

  • MD5

    a8adf42a920ce843f189efdbd98c8095

  • SHA1

    d61cb659a5d1ae9046dd7863c13959ddbcf828f7

  • SHA256

    80299ffdb2d5d01d19f2cec5509e44a0ea409af7f9eb40fd36ac90fa28197ed5

  • SHA512

    7e9e66125139861ad0a87331074a170b2a6b2e9dd790b932919bcd52382a0dc410c7695ea971b9424d15daef07bf82bc466068351165509614f1804329f511a4

  • SSDEEP

    1536:Q3kmlboJJrJJJWr6JrJk53EEt1l+lu9uU7zzTYOELbkBDfNZ+zGWEh:Q0mlDb7t8jbkln+yWEh

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    svchost

  • C2

    Lifebox1996.no-ip.org:7777

  • Mutex

    23556fb1360f366337f97c924e76ead3

Attributes

  • reg_key

    23556fb1360f366337f97c924e76ead3

  • splitter

    |'|'|

Targets

    • Target

      a8adf42a920ce843f189efdbd98c8095_JaffaCakes118

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15