General

  • Target

    82dc6c0dc12c825ca08476fedfa43f42_JaffaCakes118

  • Size

    757KB

  • Sample

    240530-dp2vmacd3v

  • MD5

    82dc6c0dc12c825ca08476fedfa43f42

  • SHA1

    90c4b99fdb3ff907b71a426548116e2e6ec79321

  • SHA256

    9d78c57883aa25677447417536a896c1413eacb101a9956050fd134b01b9424e

  • SHA512

    0dc365e54e1fec5d9465f76ef089ca26aec195d2c5b4eaf7c40ec02957ba278393eb0590b727766bb513251aeecbb36fe2991e95622f0ff5b5a81306b290ab33

  • SSDEEP

    12288:LxmIJQvPkitE4Y1x2S9tKOqqJa9a9WfMD7pbEK6XMr2pQQn+f+60LjW4R3pvlEmp:dmoO8itLix22tKOqqJa9a9WfMD7pbEK8

Malware Config

Targets

    • Target

      82dc6c0dc12c825ca08476fedfa43f42_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
