General
-
Target
JaffaCakes118_62255580a8d1305ebe87087a087ed5a0
-
Size
150KB
-
Sample
250102-c33teaync1
-
MD5
62255580a8d1305ebe87087a087ed5a0
-
SHA1
8b2fd336f183d902de31e4d35cf7e75059ad4417
-
SHA256
3547f76e9402311df65abf4d79c8d0c4176aae5788bfa29946f0aff512e90774
-
SHA512
8806e2bb4af41022791ee28e70a68191206b43af72c66acd91ff830b336c272e1c66024096666d7fd4e7ba4b5d518c0cc6a519970ca94242b25901b6fecf6010
-
SSDEEP
3072:QxLubV/ZyD7+kVXqit9gn1xJAUFr1qJ4zpuscooRCmVL4Jbr1fDtI:PbKXqOIUUvS4zpuscjCm54JBfZI
Malware Config
Targets
-
-
Target
JaffaCakes118_62255580a8d1305ebe87087a087ed5a0
-
Size
150KB
-
MD5
62255580a8d1305ebe87087a087ed5a0
-
SHA1
8b2fd336f183d902de31e4d35cf7e75059ad4417
-
SHA256
3547f76e9402311df65abf4d79c8d0c4176aae5788bfa29946f0aff512e90774
-
SHA512
8806e2bb4af41022791ee28e70a68191206b43af72c66acd91ff830b336c272e1c66024096666d7fd4e7ba4b5d518c0cc6a519970ca94242b25901b6fecf6010
-
SSDEEP
3072:QxLubV/ZyD7+kVXqit9gn1xJAUFr1qJ4zpuscooRCmVL4Jbr1fDtI:PbKXqOIUUvS4zpuscjCm54JBfZI
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1