General
-
Target
15745dbac240993bdf41da546f185342_JaffaCakes118
-
Size
48KB
-
Sample
240505-cb6qzseb78
-
MD5
15745dbac240993bdf41da546f185342
-
SHA1
574d985e0e9253f819debcc80ad4bf0423d038bf
-
SHA256
f6d6f2f4c05d54eeda9abbfd15f8241c5836b44b27694136915cfcaf70374bde
-
SHA512
bb03514580f68bb1e06db304b4231ac715531867ae956663c53cb571438d2a43dfad12440a48440e3ea5b9c197e694a63354be30a8876190114bd269228d1ae1
-
SSDEEP
768:4Z9N/UrfI5Yvf1AZkqYqkAD56t4vrQOi/B6G6vtjw8t0BCDR:4ZrMobZkqYedvUOQ8VDR
Static task
static1
Behavioral task
behavioral1
Sample
15745dbac240993bdf41da546f185342_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
15745dbac240993bdf41da546f185342_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
15745dbac240993bdf41da546f185342_JaffaCakes118
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1