General
-
Target
JaffaCakes118_540286ff47adaebefe6a2e0f2b9eb710
-
Size
400KB
-
Sample
250101-n1qxlswpdk
-
MD5
540286ff47adaebefe6a2e0f2b9eb710
-
SHA1
4d8c8a563084b2b78a191ec5038f13c38f8589d5
-
SHA256
19ba2b0bdbb7794da2f84ce4b601163d0ddaa61bb3b6e20b9210d859e4a83ad8
-
SHA512
ef3d2a1f42c21f6d0902e544399c6bab8974482ce207617b3e122dc4227445972c6da0a0816b2a78f348c357e1bf37177dfa105fc6285ffce9d250281ea2c600
-
SSDEEP
3072:lLkX4uRAiZ+odTV2UELRqnSFLW7RE+n/5t+mbbwkqZWQIpjFaI5SFQ9cRWFgvU/h:lwOkHbr1GU/gJ
Malware Config
Targets
-
-
Target
JaffaCakes118_540286ff47adaebefe6a2e0f2b9eb710
-
Size
400KB
-
MD5
540286ff47adaebefe6a2e0f2b9eb710
-
SHA1
4d8c8a563084b2b78a191ec5038f13c38f8589d5
-
SHA256
19ba2b0bdbb7794da2f84ce4b601163d0ddaa61bb3b6e20b9210d859e4a83ad8
-
SHA512
ef3d2a1f42c21f6d0902e544399c6bab8974482ce207617b3e122dc4227445972c6da0a0816b2a78f348c357e1bf37177dfa105fc6285ffce9d250281ea2c600
-
SSDEEP
3072:lLkX4uRAiZ+odTV2UELRqnSFLW7RE+n/5t+mbbwkqZWQIpjFaI5SFQ9cRWFgvU/h:lwOkHbr1GU/gJ
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1