General

  • Target

    37a86216c458c5dd8a3e367803efa6d0_JaffaCakes118

  • Size

    221KB

  • Sample

    241012-a7926sxgqj

  • MD5

    37a86216c458c5dd8a3e367803efa6d0

  • SHA1

    1b59850e222357ce5d2662516beece2a7173ed4a

  • SHA256

    0969126c654c17df52be5a4bb38cfdb5a210f0abdd8a2d6640134d2921cf865a

  • SHA512

    33125ca7ce0af8896c52fa6de2db0d906d4579b64f34663319a6659cabe8a84762c5dd36dcb59749c11fe16efe70704e2c9ec69d4c3a5b9a991d33bb610cb31f

  • SSDEEP

    6144:2ZWrHyK/8apVQumALDHvvd9eAmqURqgO7BB:2ZWWK/8AVQumALDHqAYRzmBB

Targets

    • Target

      37a86216c458c5dd8a3e367803efa6d0_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
