General

  • Target

    0b53db3bf0176bb5f748c177aabc194b_JaffaCakes118

  • Size

    192KB

  • Sample

    240501-hshclsad7x

  • MD5

    0b53db3bf0176bb5f748c177aabc194b

  • SHA1

    842b8fb4f680738e395b737a5626a2e716c903a7

  • SHA256

    f3cbaf599ca57eb44f97d1087c451cea7445b7dc9bd6c5572238f12b312b21e4

  • SHA512

    7627dbb1a56a58a89492af2e832b46f3a3f86f7d477b13732dfa3141d17994ffbf81507b82a66a5a8c53da837b5e3eca0842461bca39281c4caa81d84d7fc1bd

  • SSDEEP

    768:ctvLqopBQ45eavyn0DOGeR0LRmRbmchj+Hk/cMJnl95gg5V55D555n55d5555n5+:yLq8NcGeDRbmvE/8v6+H4+7L4PV

Targets

    • Target

      0b53db3bf0176bb5f748c177aabc194b_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
