General
-
Target
JaffaCakes118_2515a479e1b5aeebc313b0d337aa8be20a7d185414a5f1a76d98c0d31285f9a3
-
Size
166KB
-
Sample
241229-rs6jwatmax
-
MD5
4f0a15b2f8d3bc8dd261b28b71685bc3
-
SHA1
7cef8b2f229d2319145f3728682f581935d1d2ca
-
SHA256
2515a479e1b5aeebc313b0d337aa8be20a7d185414a5f1a76d98c0d31285f9a3
-
SHA512
9d9ccfc2335c88d0973a0ce0389612f8febee9213963196ba5b670faeae74dc6c334f9a1f842ccacc6a575ba9085eba64620e36f4c4227c8278b21f302660f51
-
SSDEEP
3072:nQBqZ/B+v0JqlfqkNTdQqm7J2E+vYCgbrJCVQhMdT:nQB0idqHogbWaMd
Behavioral task
behavioral1
Sample
JaffaCakes118_2515a479e1b5aeebc313b0d337aa8be20a7d185414a5f1a76d98c0d31285f9a3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_2515a479e1b5aeebc313b0d337aa8be20a7d185414a5f1a76d98c0d31285f9a3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_2515a479e1b5aeebc313b0d337aa8be20a7d185414a5f1a76d98c0d31285f9a3
-
Score
10/10
-
Njrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)