General

  • Target: 67b8633cc78a57f489c0c5c38ed92757_JaffaCakes118
  • Size: 3.2MB
  • Sample: 240522-stt3xafg62
  • MD5: 67b8633cc78a57f489c0c5c38ed92757
  • SHA1: e42d60223b621ead427841d69a77e8ceb7610f21
  • SHA256: 0b19a02bdfaab560d515b3fd51df9075c62995c8256145d8e6448acd5d366266
  • SHA512: 7d7d892ee9e47023be08815d90aeec33aed477069184d8d5ea01fa71ced1be9a3b7ea11f7258aab57d5d221eb3e14e6c2e69ddde795223c1ea017cb4794c6a46
  • SSDEEP: 49152:M6VloYaKAtm4diROYi0P/ucisgnS/zFh/mvE8kFDus1yBFRgthJu6WYDx2fzghEN:MIOYfJ4mrP2MgnW1p1lNthJBWYULgUn

Malware Config

Targets

    • Target: CSGO cheat Injector.exe
    • Size: 3.3MB
    • MD5: 01b49aed665fd529003ad01832496c87
    • SHA1: ab94f91fdf173a9c3fb54a0a34d4184199c14ed5
    • SHA256: 6c9e49b58cb313e27a026efdd33dbf86867a658bf6b2f3668f7c11b1fd4aefe0
    • SHA512: d0ecd2442162edb04b006d0f0877e5dc5c7d5a777f22a5a4997d0650c429a6b39d73b6fbbc2d6b085e65610aca0b93b0489f96da4d28334e0cf17a847c00a39a
    • SSDEEP: 98304:t7Iviz/27qWGq/TzuqCDl2Ptao7jcEZTfGNK3:hIviq75/Tzuf2Z6NK3

    Signatures

    • njRAT/Bladabindi: widely used RAT written in .NET.
    • Modifies Windows Firewall
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

The count column is the number of triggered signatures mapped to each technique.

  Tactic                | Technique                              | ID        | Count
  ----------------------|----------------------------------------|-----------|------
  Persistence           | Create or Modify System Process        | T1543     | 1
  Persistence           |   Windows Service                      | T1543.003 | 1
  Persistence           | Boot or Logon Autostart Execution      | T1547     | 1
  Persistence           |   Registry Run Keys / Startup Folder   | T1547.001 | 1
  Privilege Escalation  | Create or Modify System Process        | T1543     | 1
  Privilege Escalation  |   Windows Service                      | T1543.003 | 1
  Privilege Escalation  | Boot or Logon Autostart Execution      | T1547     | 1
  Privilege Escalation  |   Registry Run Keys / Startup Folder   | T1547.001 | 1
  Defense Evasion       | Impair Defenses                        | T1562     | 1
  Defense Evasion       |   Disable or Modify System Firewall    | T1562.004 | 1
  Defense Evasion       | Modify Registry                        | T1112     | 1
  Discovery             | Query Registry                         | T1012     | 1
  Discovery             | System Information Discovery           | T1082     | 2

Tasks