General

  • Target

    Nota_Fiscald00043a05534.zip

  • Size

    4.2MB

  • Sample

    250701-tqf8bawyds

  • MD5

    3cd46145ae8b05948f7c8b68ea802df4

  • SHA1

    700210aff6f4d40331ff5c572d476deb9546083b

  • SHA256

    9690ddde7fd841e630242dcdc7740ef8d18c3775eaa1db5213ac0346b96efed2

  • SHA512

    6be5f12244b4720aeb0f6b7de0d5724580b3c521c592a14bf3a06348efcedfa5ac1263cfd58bc302cf1db1c771c3c8855a3ee187f1e6b7275c65669e35b1182b

  • SSDEEP

    98304:5RGwPnbpZfMdHl/nGq3LYLm6CTDGcjlX522DpW0luP7Q:5EWfcF+tJUDGcjlX82VW0luP7Q

Malware Config

Targets

    • Target

      5fn92.3no23Ta46NT86.msi

    • Size

      5.4MB

    • MD5

      8c21c7cc9c3df18ef55fa9b399d24bee

    • SHA1

      cc4ae55b536ff6bceeb748c5d2fa9fd691ecc94b

    • SHA256

      e86274b854dffcb30dd1520662591706def1ae6f7edc8d784c15c69eca69fef1

    • SHA512

      1e7c198b905cc0483018b5d00a82424583e1bc3eee24d2915904e0035482017b14dc4a1e94b83d951ac0faaa6901062ea6cfb74372d922f42578604d18ce8c0b

    • SSDEEP

      98304:gxMvAtKknz5vqulsRe4frUMXjcY9LPWB3RyNm6mZnoqtX9vSgFlWelkF4I:gbYulsRVj4+PqnoqtX9agDWelkF4I

    • Detect JanelaRAT payload

    • JanelaRAT

      JanelaRAT is a trojan, written in C#, that targets FinTech users in the LATAM region.

    • Janelarat family

    • Drops startup file

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks