General

  • Target

    9fn73.9no36Ta58NT09.msi

  • Size

    4.7MB

  • Sample

    250710-l3ldssfn41

  • MD5

    de11340689f62dd83e53bb2d7c348435

  • SHA1

    be8f3f5d590d4288887dd95944c2a4f6e7b7809e

  • SHA256

    998c36e40f2ea404d9f8d66fd4815adedae74a91a7fd3c02d0ab4196195650f3

  • SHA512

    e14d6bacfe1aca4f9738bca46506b9a11d373d83ab5bf09c5692203e67d9f50bce64283924aa9c66569055361510f74755fa92d8ebb70eb0e15e527b35a2a56e

  • SSDEEP

    98304:oxMvAtKknz5vqu9sRe4frUMXjcYm5mg8r5lAQwJLx1ZAb+cveE8K6F2csq1P:obYu9sRVjW5mg8o9nAScvtXu2tE

Malware Config

Targets

    • Target

      9fn73.9no36Ta58NT09.msi

    • Detect JanelaRAT payload

    • JanelaRAT

      JanelaRAT is a trojan targeting FinTech users in the LATAM region written in C#.

    • JanelaRAT family

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks