General
-
Target
JaffaCakes118_f518b92181d577f065d37a5bea8ece21
-
Size
812KB
-
Sample
250111-de8keszqbv
-
MD5
f518b92181d577f065d37a5bea8ece21
-
SHA1
f950f55f056010057c8fe427728a5a3a11320deb
-
SHA256
e83b309cc0449fd5467af9deae5ab1a96eb3dfdd79db1033606927690f500a95
-
SHA512
efaa4ab64b15ca198ee66d9f03ec38777dd61e7c82a6f35d5de2b97fadcffac52094772a428d4cb810524567c16a03e89b120fa127a46185629a01331f6d86fc
-
SSDEEP
12288:MlEp2n8+8EUo+t3Jayk94TYDGD1LVVOuJ5Jyw2P00RYun7OlHPLf5zPDKg5V1/I:Ml0+sBXDJj7u7O9PZDKg5fQ
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_f518b92181d577f065d37a5bea8ece21.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_f518b92181d577f065d37a5bea8ece21.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_f518b92181d577f065d37a5bea8ece21
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Defense Evasion
Impair Defenses (1)
Disable or Modify System Firewall (1)
Modify Registry (1)