Overview

overview

10

Static

static

5

AdflyBuild...er.exe

windows7-x64

10

AdflyBuild...er.exe

windows10-2004-x64

10

AdflyBuild...er.dll

windows7-x64

1

AdflyBuild...er.dll

windows10-2004-x64

1

AdflyBuild...er.exe

windows7-x64

1

AdflyBuild...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e79ca3fd565998a8d3baed39ba3ff987_JaffaCakes118

  • Size

    5.3MB

  • Sample

    240917-yv4xdssdmd

  • MD5

    e79ca3fd565998a8d3baed39ba3ff987

  • SHA1

    b31c944053fb81084e90f0921de95b4b83e71fd1

  • SHA256

    eb6191e041d18dd77fae0ab798b7f6ecd720e5645f472c45894890fe26811046

  • SHA512

    8253e1f48ac2629675788a669ad6eb9fdb6992005bc08ea2e055156cc69eb8bc3782212cbe8ff575dc1156a02cd96ee88eaee2fe0afd865492c5e9a23949c704

  • SSDEEP

    98304:ZFIa6pXl8JjUfd6rMIMcBWw69JfMVxMhyRznJK8iiGIqm4Vrt/0c7xUi:68JjUg4IMcBtQJfMuyRbJK8ieD4VB/3J

Score
10/10
njratdiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      AdflyBuilder/Adfly Builder.exe

    • Size

      937KB

    • MD5

      58580937b2ce68e14b392627035d5188

    • SHA1

      d959cfe8f5fa2ca76e72d67420f9a36bfe33178a

    • SHA256

      7d7969ac408adf06fd3dc573406d582e1f39711b19313ecab050f180ce074a75

    • SHA512

      13d1564d4d03bf844ff73957c43c01ff901aa29122fb8b279ce59e66ed6c8abc3bf4b9128e095625858c7bf964cb87bfbd8dc5c542aa09e09b60ffab0ece7394

    • SSDEEP

      12288:iCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaXTYVfCJuk8:iCdxte/80jYLT3U1jfsWaDYBcmCtQ

    Score
    10/10
    njratdiscoveryevasionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      AdflyBuilder/WebDriver.dll

    • Size

      1.6MB

    • MD5

      a5d06fe186c2000e55cd25461f257cf3

    • SHA1

      817b514a2d3343947da675c2f7581685f6370880

    • SHA256

      da26bc593becc1a8d720d5572d4a221031b2437af32dee79a40e0be56f3b3b18

    • SHA512

      9c1c2efeae7eccb4768133aa40fc1a2a00b640d0ec015c1b748250dbab8b05ef5b081253402ee2ecfe31a304ef681f2bc284ba50a962dfec14c83f3cf106af7a

    • SSDEEP

      24576:Q0XaerVSth54OBqEC4OBUfsHobkJUjuH/vXVxobr+Slz7DucFoiXywQfYHEzq:QmSgqfsHZOj0/bW+Sd7DucFoiXyP

    Score
    1/10
    behavioral3behavioral4

    • Target

      AdflyBuilder/chromedriver.exe

    • Size

      7.9MB

    • MD5

      bb7b1b570085678dc8275b69e15e291f

    • SHA1

      9edd6f8af6f86f34c44e7fa8cb083066422a22b2

    • SHA256

      37be657565f507fa471863e5e7340efecf6e31d01bfe3f514767998f22cd67e2

    • SHA512

      12ef94baed8334c980b403dbdf8e9da7b967cdf1c5962e383d20501a6ce546900c0b142ddc76c7ea5b5a4bf5a69c300f2535b9a3c4672e3561c3776cdb1ca36c

    • SSDEEP

      98304:/+tt3dRDCJ2PGCQFrDKYqvnByl2wx1yXNF/misoW6yBpV3LAUyj:cxdBCJRCefga2wx1yXNR+oW6u

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks