General
-
Target
JaffaCakes118_6d929ed6520ba59af4fa3cdd877c0050
-
Size
29KB
-
Sample
250103-sp1pwstkhq
-
MD5
6d929ed6520ba59af4fa3cdd877c0050
-
SHA1
b747a53578f3f4e1cb7f20ab64851b3597463323
-
SHA256
a44376055321cd46cce5a900eb9fab0814c3349f155561cce5af136906837915
-
SHA512
be543bd29f489ee35767bde564498e0aa6607736698214f9d4497b2de4147cb4a04822bb4ad879c80a7d3da6d7535bff549b295becefcd195391f7d97d73f2c6
-
SSDEEP
384:pwIpl79TbsiKQ17H5FoQriWmqDGbLTecEGBsbh0w4wlAokw9OhgOL1vYRGOZz+ZG:l7tsiKojBr8q63TeWBKh0p29SgRYG
Malware Config
Extracted
njrat
0.6.4
Hacked aissous
baba19.no-ip.biz:1177
46d93431630fc8e404fed7204e708738
-
reg_key
46d93431630fc8e404fed7204e708738
-
splitter
|'|'|
Targets
-
-
Target
JaffaCakes118_6d929ed6520ba59af4fa3cdd877c0050
-
Size
29KB
-
MD5
6d929ed6520ba59af4fa3cdd877c0050
-
SHA1
b747a53578f3f4e1cb7f20ab64851b3597463323
-
SHA256
a44376055321cd46cce5a900eb9fab0814c3349f155561cce5af136906837915
-
SHA512
be543bd29f489ee35767bde564498e0aa6607736698214f9d4497b2de4147cb4a04822bb4ad879c80a7d3da6d7535bff549b295becefcd195391f7d97d73f2c6
-
SSDEEP
384:pwIpl79TbsiKQ17H5FoQriWmqDGbLTecEGBsbh0w4wlAokw9OhgOL1vYRGOZz+ZG:l7tsiKojBr8q63TeWBKh0p29SgRYG
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1