General

  • Target

    5022d0bbd3bc79e688f26ab39736a180_JaffaCakes118

  • Size

    368KB

  • Sample

    241017-bx32jsvdqa

  • MD5

    5022d0bbd3bc79e688f26ab39736a180

  • SHA1

    2ff4398f048b9cfb5adb80b37672f33eea695d39

  • SHA256

    4d7f60f5f9cd63e753868459d0468b2925cdad0dc9dd53f889e662aa428efebf

  • SHA512

    93dd1c76d0579233817af20f495f836eb40e14253ccc048eccc932edc8731ab47443941b4d0fb66e6ef20f0e3ae8f7899d699a0b5a164d4f96b333d6d5c91524

  • SSDEEP

    6144:JgRHAU4b69faujFyMM3mH1FE+yBFSDhvKHpuEskuTpUSZT3c:Jg12H3mH14BFSDhZEBuTpUw3

Targets

    • Target

      5022d0bbd3bc79e688f26ab39736a180_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)
