General
Target: f6ab4bcb6d58db1b8cb081f3a47196f2_JaffaCakes118
Size: 288KB
Sample: 240925-xqx3lsvgje
MD5: f6ab4bcb6d58db1b8cb081f3a47196f2
SHA1: 3948d5a63bcf297da39d69a900dc2ae04301c0a5
SHA256: 0221de854c7ac6e62368fe0841dc50fd3d651194dfaf236ddcc6ab9c1216aef7
SHA512: 9b61b25a55a1b7654932e89647012c0318c755304dc4851cb2c9ca760e69216549fdd99e2d0945b1a2c2b8607081eb007de9d488da2f50e6f1c1afcfbaead9d6
SSDEEP: 3072:sK4sgHov1esBm4fG1+051rO5UrpnMva1JzQgIurv/cM9tJ8Gt3UAtW9dDa26LNe7:d6y9BlfG007r8C/vR8WSD+43o9BA
Static task: static1
Behavioral task: behavioral1
  Sample: f6ab4bcb6d58db1b8cb081f3a47196f2_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: f6ab4bcb6d58db1b8cb081f3a47196f2_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: f6ab4bcb6d58db1b8cb081f3a47196f2_JaffaCakes118
Modifies Windows Firewall
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1