General
-
Target
JaffaCakes118_68e8ba897bec623a6a465e35d19dd3d0
-
Size
1.3MB
-
Sample
250102-3mfbaaznfy
-
MD5
68e8ba897bec623a6a465e35d19dd3d0
-
SHA1
a146663d3af1aab243ebe2993d92f115a252f7ef
-
SHA256
2ee7261df19e596c744a2cd7fc6785c84e980f48e437f4684cd78b6f9d8fddc2
-
SHA512
582629fe538eecd64fc280c5e277422a9b9899f2572b2c1f98b658164a16c25c712b041e31435df2a729dfd8e6619e6ca78277b451e76a76e568fd7178d95a54
-
SSDEEP
24576:pjLyRpuoSgo1dlYDo/363IZQPj16Ua+I:pjgpv/o1PY0/363IZQPR6T
Malware Config
Targets
-
-
Target
JaffaCakes118_68e8ba897bec623a6a465e35d19dd3d0
-
Size
1.3MB
-
MD5
68e8ba897bec623a6a465e35d19dd3d0
-
SHA1
a146663d3af1aab243ebe2993d92f115a252f7ef
-
SHA256
2ee7261df19e596c744a2cd7fc6785c84e980f48e437f4684cd78b6f9d8fddc2
-
SHA512
582629fe538eecd64fc280c5e277422a9b9899f2572b2c1f98b658164a16c25c712b041e31435df2a729dfd8e6619e6ca78277b451e76a76e568fd7178d95a54
-
SSDEEP
24576:pjLyRpuoSgo1dlYDo/363IZQPj16Ua+I:pjgpv/o1PY0/363IZQPR6T
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1