General

  • Target

    3799833548a3e8bdd526ae0ed3398913_JaffaCakes118

  • Size

    165KB

  • Sample

    241012-axxdbsxcmk

  • MD5

    3799833548a3e8bdd526ae0ed3398913

  • SHA1

    2ef660ea22a7e134196b464c9bddffd6b0d2b045

  • SHA256

    6dae0159d5da508bf4fadc7a19fba5d13d3494d75db63713ac54fc0c31b09d6e

  • SHA512

    3297bea07f15ebae219e913a94c425bac4bf6c6539f03c3597f9a8b6f16c5d629c5bf879e35356e131aa0311179d4a58fe5d8a150f03d90e9f22c9257b8209d2

  • SSDEEP

    3072:FUCyJ/p6r/INNEfINdo4OpqkjdrfRL9OcEG7O8HVbdnj36vY058siwx5J:KCHfIM4Opb7klkbC5Dis

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
