General
-
Target
JaffaCakes118_788a4b907dfe8c46a94e8f6b3ab98750
-
Size
44KB
-
Sample
250104-jqv2csslcl
-
MD5
788a4b907dfe8c46a94e8f6b3ab98750
-
SHA1
ade1ea37cbb2bf2cc88edda100f76928ffd1a14a
-
SHA256
2c6f15e3f38de5b1915c727a71e354b7f22e862e943ad182b16c3f1c1dce0fb3
-
SHA512
d6a943f1ce6af742dff9a7c57cf8c1f38825560d31e11944206b48223993b30536be5642ec5d339cfb0bd1d6ed5ce5b7c09ef0c7f40d3f8d014098edad5d5c5f
-
SSDEEP
768:ulZ0lBGZHOfEFZioSPNwRihxXQSqeJtr:/qHOfE+eRoVtr
Malware Config
Extracted
njrat
0.7d
HacKed
np21tda.no-ip.biz:1604
1e53089ba3608119eab8307d03cab81d
-
reg_key
1e53089ba3608119eab8307d03cab81d
-
splitter
|'|'|
Targets
-
-
Target
JaffaCakes118_788a4b907dfe8c46a94e8f6b3ab98750
-
Size
44KB
-
MD5
788a4b907dfe8c46a94e8f6b3ab98750
-
SHA1
ade1ea37cbb2bf2cc88edda100f76928ffd1a14a
-
SHA256
2c6f15e3f38de5b1915c727a71e354b7f22e862e943ad182b16c3f1c1dce0fb3
-
SHA512
d6a943f1ce6af742dff9a7c57cf8c1f38825560d31e11944206b48223993b30536be5642ec5d339cfb0bd1d6ed5ce5b7c09ef0c7f40d3f8d014098edad5d5c5f
-
SSDEEP
768:ulZ0lBGZHOfEFZioSPNwRihxXQSqeJtr:/qHOfE+eRoVtr
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1