General

  • Target

    07a988176d16b3362a9a9dad0db63f78_JaffaCakes118

  • Size

    9.0MB

  • Sample

    240429-pmbq7sah2x

  • MD5

    07a988176d16b3362a9a9dad0db63f78

  • SHA1

    0bf2bf944adb7f91e6e147f42777d1bdfa3c1d09

  • SHA256

    7bef0f3d9b878d8e46e0afbe6af5839244b45270d1709d43f21b28eca66eb162

  • SHA512

    b39909ad609a6451c32c30841a025c57c91aab42865c51d8f5db0060b20b479ba25248e4c9b29115ac08897a9a345b4952a23aa2cd71230e6a21fcab6957bbd4

  • SSDEEP

    196608:Yviq75/TzufsQ6EzipQeZm/0uPniBgju8liZq2VIrN2:UiC/nQ5zIQeZ4fzzlAVW4

Targets

    • Target

      07a988176d16b3362a9a9dad0db63f78_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application
