General
-
Target
37a86216c458c5dd8a3e367803efa6d0_JaffaCakes118
-
Size
221KB
-
Sample
241012-a7926sxgqj
-
MD5
37a86216c458c5dd8a3e367803efa6d0
-
SHA1
1b59850e222357ce5d2662516beece2a7173ed4a
-
SHA256
0969126c654c17df52be5a4bb38cfdb5a210f0abdd8a2d6640134d2921cf865a
-
SHA512
33125ca7ce0af8896c52fa6de2db0d906d4579b64f34663319a6659cabe8a84762c5dd36dcb59749c11fe16efe70704e2c9ec69d4c3a5b9a991d33bb610cb31f
-
SSDEEP
6144:2ZWrHyK/8apVQumALDHvvd9eAmqURqgO7BB:2ZWWK/8AVQumALDHqAYRzmBB
Malware Config
Targets
-
-
Target
37a86216c458c5dd8a3e367803efa6d0_JaffaCakes118
-
Size
221KB
-
MD5
37a86216c458c5dd8a3e367803efa6d0
-
SHA1
1b59850e222357ce5d2662516beece2a7173ed4a
-
SHA256
0969126c654c17df52be5a4bb38cfdb5a210f0abdd8a2d6640134d2921cf865a
-
SHA512
33125ca7ce0af8896c52fa6de2db0d906d4579b64f34663319a6659cabe8a84762c5dd36dcb59749c11fe16efe70704e2c9ec69d4c3a5b9a991d33bb610cb31f
-
SSDEEP
6144:2ZWrHyK/8apVQumALDHvvd9eAmqURqgO7BB:2ZWWK/8AVQumALDHqAYRzmBB
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1