General

  • Target

    807fdc437e03d6c168792b8773e4f73c_JaffaCakes118

  • Size

    923KB

  • Sample

    240529-mzf6cacb41

  • MD5

    807fdc437e03d6c168792b8773e4f73c

  • SHA1

    2b593b3505b09aa2a322a8aab3c20161b461dd23

  • SHA256

    3401c787e69edb72ca1216677ec2e0adb3c51db92c03dc88fa4f11e046e727d0

  • SHA512

    fd4ab96c99c80d8ba23a6dce61471aa2544c2778236bca5f2010d196509e53ca8288cc4f89d79d5b54d90e8da6ab801a0b62e50ca859ea826a4ef17aaeae04d8

  • SSDEEP

    12288:SdjX6gJi4/KolPowKqRwzR+3uFnBHR1b536JEDwJ7BYfQphPqfEosRZihYFhyQB6:hQQQwdt1NfZTQ+iilL848

Targets

    • Target

      807fdc437e03d6c168792b8773e4f73c_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
