General
-
Target
JaffaCakes118_d2b5cb2b7b5d4d97b47bfd514b15021f
-
Size
77KB
-
Sample
250109-z91nys1qdv
-
MD5
d2b5cb2b7b5d4d97b47bfd514b15021f
-
SHA1
245715e182f630220b5c206ac4c979b0872e21bc
-
SHA256
37085bf7f41bf2725a494083455abf1b162873ae0087bc97ec838d96ae190ebc
-
SHA512
8407cab85725f76e2f93cdecb83bd15c53e87ab53e661aa7b146201ae9c8b9a73679088d0e8a4291f01281890263c07d515db5e6595a62aefb952234b68cc73e
-
SSDEEP
768:jH6O4ktUTswgWHowV2+Ej3R22DFUXbPVuHN8fEijQoSiz63OXPrQ1NbbpXMmH2qf:uRkn3RpDFULPVuyf/QMXPrQr3pXZW0
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_d2b5cb2b7b5d4d97b47bfd514b15021f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_d2b5cb2b7b5d4d97b47bfd514b15021f.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_d2b5cb2b7b5d4d97b47bfd514b15021f
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1