General

  • Target

    3a24a5e25e863a5a5d6186a45255a1c2_JaffaCakes118

  • Size

    159KB

  • Sample

    240729-gllwsazejb

  • MD5

    3a24a5e25e863a5a5d6186a45255a1c2

  • SHA1

    70773075c0cdb6735d369bcc9bc2fd4c5ae7df21

  • SHA256

    2454d64559ffdaf95915ebea1ad0a5310fa2ef724e42d8e510e4cac97078e80f

  • SHA512

    56e30af4032cf2ea9597dd117df59c7ba182de86406e4bec47d8070898b94b6538d18bb6d44337c509b7d04a9749668f23bc5ef4224e2a64e332da8bb568a6f6

  • SSDEEP

    3072:i0xOqI+epTlAuOXLu9SwbCyrJ77y7c+7TJwjBht1kZAcrqbHf:i0ilAuW3k3rBQ7lwj7kZPWz

Targets

    • Target

      3a24a5e25e863a5a5d6186a45255a1c2_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
