General
-
Target
JaffaCakes118_6ee288c4a829c27e75cf09b40d7aefc0
-
Size
235KB
-
Sample
250103-xts8ts1pbr
-
MD5
6ee288c4a829c27e75cf09b40d7aefc0
-
SHA1
7fb6fda4c02140f227f05f56dd945cbaa36a1f07
-
SHA256
0c6b8ea1283b7357cfef654f2a8c2fa5d601f3f46b41cc7ada7f11f4cee2cd99
-
SHA512
369d5b240f49fa79f940af9f987d7087a2bd363144292ed37bb6b5c4c612f98c4fe6e317f2e561d3565b35eb53196cca95718c07da70594bafe1286fdcd3480c
-
SSDEEP
6144:hBLL/nAL2GhNchlnvV9dxLo6RDtNaYCdS:7L+2iNEv/dC6RDtNal8
Malware Config
Targets
-
-
Target
JaffaCakes118_6ee288c4a829c27e75cf09b40d7aefc0
-
Size
235KB
-
MD5
6ee288c4a829c27e75cf09b40d7aefc0
-
SHA1
7fb6fda4c02140f227f05f56dd945cbaa36a1f07
-
SHA256
0c6b8ea1283b7357cfef654f2a8c2fa5d601f3f46b41cc7ada7f11f4cee2cd99
-
SHA512
369d5b240f49fa79f940af9f987d7087a2bd363144292ed37bb6b5c4c612f98c4fe6e317f2e561d3565b35eb53196cca95718c07da70594bafe1286fdcd3480c
-
SSDEEP
6144:hBLL/nAL2GhNchlnvV9dxLo6RDtNaYCdS:7L+2iNEv/dC6RDtNal8
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1