General

  • Target

    790efaa1de23a492209651ade4964dad_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240527-nztxwabd56

  • MD5

    790efaa1de23a492209651ade4964dad

  • SHA1

    552850fdc96aa355dcf293337af5ec22d561b7a6

  • SHA256

    7669384c14ad47cf791fbe1e759bea619ebd7b35d53c7f92a26e14b009c51535

  • SHA512

    db954536159992c8552c9080904fdce2a8b0e8ff606e69a4bc680bb312c151931d7fa80710bc4e424cc8fc582e8437f08ade64d5fcf5d971f37972ea7f8934f4

  • SSDEEP

    98304:gviz/27qWGq/TzuqCDl2Ptao7jvNdrJNK:gviq75/TzufEfNK

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
