General
-
Target
JaffaCakes118_35a6a33753c12a8813dc8363658cd560
-
Size
95KB
-
Sample
250106-xytp6avmdt
-
MD5
35a6a33753c12a8813dc8363658cd560
-
SHA1
b8c83cd1253db8c2a193914c4f25c81e9ce9de00
-
SHA256
a5d0c41be8101d26ada31b8fbaf3527c726ae65fc65f703d59c15c2426dc3698
-
SHA512
734964d9be9c564b2af16a0f8a26eb72ffdb75fbe8511b6ad7a4be8545f5ae10c58690f09fe661be7f2b42d71cb22265b892f33344703b81293ba6a07c062dfe
-
SSDEEP
1536:8+ZQMGdeUwljEoKayOxdcJx7OXMHwhkVfjobkZKQ5x1AkSpoHHNLHieBb:8+ZQMtU9Jx7OXMHwhkVfjobkZKQ5x1DT
Malware Config
Extracted
njrat
0.6.4
scammer
oxy01.linkpc.net:1177
08f4dc96bbb7af09d1a37fe35c75a42f
-
reg_key
08f4dc96bbb7af09d1a37fe35c75a42f
-
splitter
|'|'|
Targets
-
-
Target
JaffaCakes118_35a6a33753c12a8813dc8363658cd560
-
Size
95KB
-
MD5
35a6a33753c12a8813dc8363658cd560
-
SHA1
b8c83cd1253db8c2a193914c4f25c81e9ce9de00
-
SHA256
a5d0c41be8101d26ada31b8fbaf3527c726ae65fc65f703d59c15c2426dc3698
-
SHA512
734964d9be9c564b2af16a0f8a26eb72ffdb75fbe8511b6ad7a4be8545f5ae10c58690f09fe661be7f2b42d71cb22265b892f33344703b81293ba6a07c062dfe
-
SSDEEP
1536:8+ZQMGdeUwljEoKayOxdcJx7OXMHwhkVfjobkZKQ5x1AkSpoHHNLHieBb:8+ZQMtU9Jx7OXMHwhkVfjobkZKQ5x1DT
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1