General

  • Target

    79ce5bdb79117804552978e9ea880ae3_JaffaCakes118

  • Size

    92KB

  • Sample

    240527-vcxtksbg47

  • MD5

    79ce5bdb79117804552978e9ea880ae3

  • SHA1

    a21e6bd7a8b9735da3f4b538de5954c8abdec7fe

  • SHA256

    7fa0c82c2a0d7b2c849b90c2bb434c658d6d37ce055a96e12c78411520e7cff9

  • SHA512

    db3f581cda89d9ff2e43caed6f445524c06a089db4a9aae0f25b94c087f040082d067dedf266772f2dda2659f3765d5455ba48528687621581e90ac4c8df1678

  • SSDEEP

    1536:goo2pSebsOIPkCA4ANDl24x7ZO0cegjvZdvAlWlJQt78AYsQWeBTpZ+DW:350ebsz8CAIU7QbegjvZdIuQmjHBVEW

Targets

    • Target

      79ce5bdb79117804552978e9ea880ae3_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
