General

  • Target

    d9099f83917e6efe7280a1863699ca47_JaffaCakes118

  • Size

    125KB

  • Sample

    241209-lv9resymbl

  • MD5

    d9099f83917e6efe7280a1863699ca47

  • SHA1

    752f9f428ae1a7e1d79690ffcd7441f43ca7c0b9

  • SHA256

    beaa6a37227f0830fb24eb0114eb01cc119224b90307d921491df0154bca1b0a

  • SHA512

    3a9b3a7f746d7defb9aa82e14100139b5495f31b6ce603bdf282aeaa8064a09d134c74089cda6e44efc32b0c0e37fd7ec6932b1b87f015b62cb80a544e51d36a

  • SSDEEP

    3072:28mGSm+6N6CmgIRe6HpWnqEm/OUvnRPFULnrqA61tZ4g:omT36Hp4mbKnrH6fZ4

Targets

    • Target

      d9099f83917e6efe7280a1863699ca47_JaffaCakes118

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
