General
Target: ef71105eb93854135abead9616cd8368_JaffaCakes118
Size: 74KB
Sample: 240921-kqgpeatelc
MD5: ef71105eb93854135abead9616cd8368
SHA1: bda3a6a64be575e9946efbad306dd6c80c036d71
SHA256: 3ca5871b409cebd1d8f13e0c9afdd4f3999272206e0648b2138fbb41cb9cb1bf
SHA512: 7a13a6c5192e7321185f19511a9581e90b0f284183fba167a4af0e15afb7f1f52f2d63547f421548c2039cd8ea8ac810ab4f144c560c56d85c19df82b2cdd18f
SSDEEP: 1536:07algoWDgtr2ZPdY9eX+DC7PWhtFmGn+NWBeuePdkiw:01Lir2ZPO9W4CDit7YK+1r
Static task: static1
Behavioral task: behavioral1
Sample: ef71105eb93854135abead9616cd8368_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: ef71105eb93854135abead9616cd8368_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
-
-
Target
ef71105eb93854135abead9616cd8368_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)