General

  • Target

    0b4ff0de3919a61ec83c4271f4c2c56f_JaffaCakes118

  • Size

    462KB

  • Sample

    240501-hmk7baac9v

  • MD5

    0b4ff0de3919a61ec83c4271f4c2c56f

  • SHA1

    770b84628269c6c75ab4ab29ae1d337538b46289

  • SHA256

    6d3a0281e6c8f67b1bd9e51807b3acfcaa221d0cfbaee476117b1bf3b2c73c53

  • SHA512

    d5c2fa8830ffabe23c1786805366a5c1961776cc47de849169455ae074ff8510ee56f29d4a93c87354ee362f2d68f346ed57bd2f3ff3f008816231966fbdc66f

  • SSDEEP

    12288:9crNS33L10QdrXP/X+tGfnbtAang35kGbXY0v7zd:ANA3R5drXPrfbCangpvXY0vl

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application