General
-
Target
JaffaCakes118_558f283d460d4a23b76c34eeddb0d120
-
Size
60KB
-
Sample
250101-pwrtsaxnal
-
MD5
558f283d460d4a23b76c34eeddb0d120
-
SHA1
dd755bf3c6d521f742457ff4eb9171db0ca4408e
-
SHA256
08bea6fef66f0070b9f35c5db9da078af5d4b59dec42480f80264f066ba99d20
-
SHA512
6414c8af13fd9264ff6775f587a0dd92ca01068a2c403b85c089ba7c7d0bc377c5d4d8302addc04c142c82d3467009900a7badae0e575350db5287ed6809ee33
-
SSDEEP
1536:AEF+KvAIhBDmzuE00DD0F3KSBOyvoQGQbgF:AEF+/IhBDmzEKdQw
Malware Config
Extracted
njrat
0.7d
HacKed
diogocfal.duckdns.org:5552
2ce29a28a0e0366d194d4033c037916f
-
reg_key
2ce29a28a0e0366d194d4033c037916f
-
splitter
|'|'|
Targets
-
-
Target
JaffaCakes118_558f283d460d4a23b76c34eeddb0d120
-
Size
60KB
-
MD5
558f283d460d4a23b76c34eeddb0d120
-
SHA1
dd755bf3c6d521f742457ff4eb9171db0ca4408e
-
SHA256
08bea6fef66f0070b9f35c5db9da078af5d4b59dec42480f80264f066ba99d20
-
SHA512
6414c8af13fd9264ff6775f587a0dd92ca01068a2c403b85c089ba7c7d0bc377c5d4d8302addc04c142c82d3467009900a7badae0e575350db5287ed6809ee33
-
SSDEEP
1536:AEF+KvAIhBDmzuE00DD0F3KSBOyvoQGQbgF:AEF+/IhBDmzEKdQw
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1