General
Target: 10ba0640482a39b20ec3bedc06fba520_JaffaCakes118
Size: 76KB
Sample: 241003-19g3aazdkq
MD5: 10ba0640482a39b20ec3bedc06fba520
SHA1: 745d6dca1f30e3b692db5b07edd42bab26bfd479
SHA256: 08fa720adecae0b0b21c3ccd6d95779828c52cd3236fabec6147ea7384225ae4
SHA512: c56bf1a801217a7ac61fdb1c7bd458c78e52f855c4fc8c1fd82bdf966215994454b4358986ecb285604a0606ecdf24a22fd5edcee5bd7f949e72c53be02493d4
SSDEEP: 1536:6aVizJzXeGY2/Izyy9v++ADt9HfLkvnVx1o:sDfWyy5tO9/LkNxu
Static task: static1
Behavioral task: behavioral1
  Sample: 10ba0640482a39b20ec3bedc06fba520_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 10ba0640482a39b20ec3bedc06fba520_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 10ba0640482a39b20ec3bedc06fba520_JaffaCakes118
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1